USN-5903-1

Source

https://ubuntu.com/security/notices/USN-5903-1

Import Source

https://github.com/canonical/ubuntu-security-notices/blob/main/osv/USN-5903-1.json

Related

Published

2023-02-28T15:42:16.947816Z

Modified

2023-02-28T15:42:16.947816Z

Summary

lighttpd vulnerabilities

Details

It was discovered that lighttpd incorrectly handled certain inputs, which could result in a stack buffer overflow. A remote attacker could possibly use this issue to cause a denial of service (DoS). (CVE-2022-22707, CVE-2022-41556)

References

Affected packages

Ubuntu:22.04:LTS / lighttpd

Package

Name: lighttpd

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0The exact introduced commit is unknown

Fixed

1.4.63-1ubuntu3.1

Ecosystem specific

{
    "availability": "No subscription needed",
    "binaries": [
        {
            "lighttpd-mod-trigger-b4-dl": "1.4.63-1ubuntu3.1",
            "lighttpd-mod-maxminddb": "1.4.63-1ubuntu3.1",
            "lighttpd-mod-nss": "1.4.63-1ubuntu3.1",
            "lighttpd-mod-webdav": "1.4.63-1ubuntu3.1",
            "lighttpd": "1.4.63-1ubuntu3.1",
            "lighttpd-mod-geoip": "1.4.63-1ubuntu3.1",
            "lighttpd-mod-deflate": "1.4.63-1ubuntu3.1",
            "lighttpd-modules-mysql": "1.4.63-1ubuntu3.1",
            "lighttpd-mod-authn-gssapi": "1.4.63-1ubuntu3.1",
            "lighttpd-modules-lua": "1.4.63-1ubuntu3.1",
            "lighttpd-mod-authn-sasl": "1.4.63-1ubuntu3.1",
            "lighttpd-mod-openssl": "1.4.63-1ubuntu3.1",
            "lighttpd-mod-wolfssl": "1.4.63-1ubuntu3.1",
            "lighttpd-mod-vhostdb-pgsql": "1.4.63-1ubuntu3.1",
            "lighttpd-doc": "1.4.63-1ubuntu3.1",
            "lighttpd-modules-dbi": "1.4.63-1ubuntu3.1",
            "lighttpd-modules-ldap": "1.4.63-1ubuntu3.1",
            "lighttpd-mod-authn-pam": "1.4.63-1ubuntu3.1",
            "lighttpd-mod-mbedtls": "1.4.63-1ubuntu3.1"
        }
    ]
}

Ubuntu:20.04:LTS / lighttpd

Package

Name: lighttpd

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0The exact introduced commit is unknown

Fixed

1.4.55-1ubuntu1.20.04.2

Ecosystem specific

{
    "availability": "No subscription needed",
    "binaries": [
        {
            "lighttpd-mod-trigger-b4-dl": "1.4.55-1ubuntu1.20.04.2",
            "lighttpd-mod-maxminddb": "1.4.55-1ubuntu1.20.04.2",
            "lighttpd-mod-webdav": "1.4.55-1ubuntu1.20.04.2",
            "lighttpd": "1.4.55-1ubuntu1.20.04.2",
            "lighttpd-mod-geoip": "1.4.55-1ubuntu1.20.04.2",
            "lighttpd-modules-mysql": "1.4.55-1ubuntu1.20.04.2",
            "lighttpd-mod-authn-gssapi": "1.4.55-1ubuntu1.20.04.2",
            "lighttpd-mod-vhostdb-dbi": "1.4.55-1ubuntu1.20.04.2",
            "lighttpd-mod-authn-sasl": "1.4.55-1ubuntu1.20.04.2",
            "lighttpd-mod-authn-pam": "1.4.55-1ubuntu1.20.04.2",
            "lighttpd-mod-vhostdb-pgsql": "1.4.55-1ubuntu1.20.04.2",
            "lighttpd-doc": "1.4.55-1ubuntu1.20.04.2",
            "lighttpd-dev": "1.4.55-1ubuntu1.20.04.2",
            "lighttpd-mod-magnet": "1.4.55-1ubuntu1.20.04.2",
            "lighttpd-modules-ldap": "1.4.55-1ubuntu1.20.04.2",
            "lighttpd-mod-cml": "1.4.55-1ubuntu1.20.04.2"
        }
    ]
}