DSA-2795-1 lighttpd -- several
ID: oval:org.secpod.oval:def:601146 | Date: (C)2014-01-08 (M)2022-10-10 |
Class: PATCH | Family: unix |
Several vulnerabilities have been discovered in the lighttpd web server.

CVE-2013-4508: It was discovered that lighttpd uses weak SSL ciphers when SNI is enabled. This issue was solved by ensuring that stronger SSL ciphers are used when SNI is selected.

CVE-2013-4559: The clang static analyzer was used to discover privilege escalation issues due to missing checks around lighttpd's setuid, setgid, and setgroups calls. Those are now appropriately checked.

CVE-2013-4560: The clang static analyzer was used to discover a use-after-free issue when the FAM stat cache engine is enabled, which is now fixed.
Platform: |
Debian 7.0 |
Debian 6.0 |