It was discovered that Lighttpd did not properly sanitized the string used in basic HTTP authentication method. A remote attacker could use this to inject arbitrary log entries and maybe obtain sensitive information. This issue only affected Ubuntu 14.04 ESM and Ubuntu 16.04 ESM. (CVE-2015-3200)
It was discovered that Lighttpd did not properly sanitized the string used in alias. A remote attacker could use this to access the content of the directory above the alias and obtain sensitive information. (CVE-2018-19052)
{ "availability": "Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro", "binaries": [ { "lighttpd-dbgsym": "1.4.33-1+nmu2ubuntu2.1+esm1", "lighttpd-mod-trigger-b4-dl": "1.4.33-1+nmu2ubuntu2.1+esm1", "lighttpd-mod-cml-dbgsym": "1.4.33-1+nmu2ubuntu2.1+esm1", "lighttpd-mod-trigger-b4-dl-dbgsym": "1.4.33-1+nmu2ubuntu2.1+esm1", "lighttpd": "1.4.33-1+nmu2ubuntu2.1+esm1", "lighttpd-mod-mysql-vhost-dbgsym": "1.4.33-1+nmu2ubuntu2.1+esm1", "lighttpd-mod-magnet-dbgsym": "1.4.33-1+nmu2ubuntu2.1+esm1", "lighttpd-mod-webdav": "1.4.33-1+nmu2ubuntu2.1+esm1", "lighttpd-doc": "1.4.33-1+nmu2ubuntu2.1+esm1", "lighttpd-dev": "1.4.33-1+nmu2ubuntu2.1+esm1", "lighttpd-mod-magnet": "1.4.33-1+nmu2ubuntu2.1+esm1", "lighttpd-mod-webdav-dbgsym": "1.4.33-1+nmu2ubuntu2.1+esm1", "lighttpd-mod-mysql-vhost": "1.4.33-1+nmu2ubuntu2.1+esm1", "lighttpd-mod-cml": "1.4.33-1+nmu2ubuntu2.1+esm1" } ] }
{ "availability": "Available with Ubuntu Pro: https://ubuntu.com/pro", "binaries": [ { "lighttpd-dbgsym": "1.4.35-4ubuntu2.1+esm1", "lighttpd-mod-trigger-b4-dl": "1.4.35-4ubuntu2.1+esm1", "lighttpd-mod-cml-dbgsym": "1.4.35-4ubuntu2.1+esm1", "lighttpd-mod-trigger-b4-dl-dbgsym": "1.4.35-4ubuntu2.1+esm1", "lighttpd": "1.4.35-4ubuntu2.1+esm1", "lighttpd-mod-mysql-vhost-dbgsym": "1.4.35-4ubuntu2.1+esm1", "lighttpd-mod-magnet-dbgsym": "1.4.35-4ubuntu2.1+esm1", "lighttpd-mod-webdav": "1.4.35-4ubuntu2.1+esm1", "lighttpd-doc": "1.4.35-4ubuntu2.1+esm1", "lighttpd-dev": "1.4.35-4ubuntu2.1+esm1", "lighttpd-mod-magnet": "1.4.35-4ubuntu2.1+esm1", "lighttpd-mod-webdav-dbgsym": "1.4.35-4ubuntu2.1+esm1", "lighttpd-mod-mysql-vhost": "1.4.35-4ubuntu2.1+esm1", "lighttpd-mod-cml": "1.4.35-4ubuntu2.1+esm1" } ] }
{ "availability": "Available with Ubuntu Pro: https://ubuntu.com/pro", "binaries": [ { "lighttpd-dbgsym": "1.4.45-1ubuntu3.18.04.1+esm1", "lighttpd-mod-trigger-b4-dl": "1.4.45-1ubuntu3.18.04.1+esm1", "lighttpd-mod-authn-gssapi-dbgsym": "1.4.45-1ubuntu3.18.04.1+esm1", "lighttpd-mod-cml-dbgsym": "1.4.45-1ubuntu3.18.04.1+esm1", "lighttpd-mod-trigger-b4-dl-dbgsym": "1.4.45-1ubuntu3.18.04.1+esm1", "lighttpd": "1.4.45-1ubuntu3.18.04.1+esm1", "lighttpd-mod-mysql-vhost-dbgsym": "1.4.45-1ubuntu3.18.04.1+esm1", "lighttpd-mod-geoip": "1.4.45-1ubuntu3.18.04.1+esm1", "lighttpd-mod-magnet-dbgsym": "1.4.45-1ubuntu3.18.04.1+esm1", "lighttpd-mod-webdav": "1.4.45-1ubuntu3.18.04.1+esm1", "lighttpd-mod-geoip-dbgsym": "1.4.45-1ubuntu3.18.04.1+esm1", "lighttpd-mod-authn-gssapi": "1.4.45-1ubuntu3.18.04.1+esm1", "lighttpd-mod-authn-mysql-dbgsym": "1.4.45-1ubuntu3.18.04.1+esm1", "lighttpd-mod-authn-ldap": "1.4.45-1ubuntu3.18.04.1+esm1", "lighttpd-doc": "1.4.45-1ubuntu3.18.04.1+esm1", "lighttpd-dev": "1.4.45-1ubuntu3.18.04.1+esm1", "lighttpd-mod-magnet": "1.4.45-1ubuntu3.18.04.1+esm1", "lighttpd-mod-webdav-dbgsym": "1.4.45-1ubuntu3.18.04.1+esm1", "lighttpd-mod-mysql-vhost": "1.4.45-1ubuntu3.18.04.1+esm1", "lighttpd-mod-authn-mysql": "1.4.45-1ubuntu3.18.04.1+esm1", "lighttpd-mod-authn-ldap-dbgsym": "1.4.45-1ubuntu3.18.04.1+esm1", "lighttpd-mod-cml": "1.4.45-1ubuntu3.18.04.1+esm1" } ] }