MGASA-2015-0338
- Source
- https://advisories.mageia.org/MGASA-2015-0338.html
- Import Source
- https://advisories.mageia.org/MGASA-2015-0338.json
- JSON Data
- https://api.osv.dev/v1/vulns/MGASA-2015-0338
- Related
- Published
- 2015-09-08T07:20:40Z
- Modified
- 2015-09-08T07:03:39Z
- Summary
- Updated lighttpd packages fix CVE-2015-3200 & other bugs
- Details
-
Updated lighttpd packages fix security vulnerability:
mod_auth in lighttpd before 1.4.36 allows remote attackers to inject arbitrary log entries via a basic HTTP authentication string without a colon character, as demonstrated by a string containing a NULL and new line character (CVE-2015-3200).
The lighttpd package has been updated to version 1.4.37, fixing this issue and several other bugs.
In the Mageia 4 package, improvements have been made to the logrotate configuration and systemd service, allowing graceful reloading of configuration files and proper re-opening of log files (mga#15948, mga#15980).
- References
-
- https://advisories.mageia.org/MGASA-2015-0338.html
- https://bugs.mageia.org/show_bug.cgi?id=16555
- http://www.lighttpd.net/2015/7/26/1.4.36/
- http://www.lighttpd.net/2015/8/30/1.4.37/
- https://lists.fedoraproject.org/pipermail/package-announce/2015-August/163223.html
- https://bugs.mageia.org/show_bug.cgi?id=15948
- https://bugs.mageia.org/show_bug.cgi?id=15980
- Credits
-
-
- Mageia - COORDINATOR
-
Affected packages
Mageia:4 / lighttpd
Package
- Name
- lighttpd
- Purl
- pkg:rpm/mageia/lighttpd?distro=mageia-4
Mageia:5 / lighttpd
Package
- Name
- lighttpd
- Purl
- pkg:rpm/mageia/lighttpd?distro=mageia-5