openSUSE-SU-2019:2347-1
See a problem?- Import Source
- https://ftp.suse.com/pub/projects/security/osv/openSUSE-SU-2019:2347-1.json
- JSON Data
- https://api.osv.dev/v1/vulns/openSUSE-SU-2019:2347-1
- Related
- Published
- 2019-10-20T17:22:17Z
- Modified
- 2019-10-20T17:22:17Z
- Summary
- Security update for lighttpd
- Details
-
This update for lighttpd to version 1.4.54 fixes the following issues:
Security issues fixed:
- CVE-2018-19052: Fixed a path traversal in mod_alias (boo#1115016).
- Changed the default TLS configuration of lighttpd for better security out-of-the-box (boo#1087369).
- References
-
- https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/VOBJZNTYGCVJJSLH5SFMUWQQJH3XPGJW/#VOBJZNTYGCVJJSLH5SFMUWQQJH3XPGJW
- https://bugzilla.suse.com/1087369
- https://bugzilla.suse.com/1111733
- https://bugzilla.suse.com/1115016
- https://bugzilla.suse.com/1153722
- https://www.suse.com/security/cve/CVE-2018-19052
Affected packages
SUSE:Package Hub 15 / lighttpd
Package
- Name
- lighttpd
- Purl
- pkg:rpm/suse/lighttpd&distro=SUSE%20Package%20Hub%2015
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed1.4.54-bp151.4.3.1
Ecosystem specific
{
"binaries": [
{
"lighttpd-mod_vhostdb_mysql": "1.4.54-bp151.4.3.1",
"lighttpd-mod_authn_pam": "1.4.54-bp151.4.3.1",
"lighttpd-mod_trigger_b4_dl": "1.4.54-bp151.4.3.1",
"lighttpd": "1.4.54-bp151.4.3.1",
"lighttpd-mod_authn_ldap": "1.4.54-bp151.4.3.1",
"lighttpd-mod_authn_gssapi": "1.4.54-bp151.4.3.1",
"lighttpd-mod_magnet": "1.4.54-bp151.4.3.1",
"lighttpd-mod_authn_mysql": "1.4.54-bp151.4.3.1",
"lighttpd-mod_geoip": "1.4.54-bp151.4.3.1",
"lighttpd-mod_rrdtool": "1.4.54-bp151.4.3.1",
"lighttpd-mod_vhostdb_pgsql": "1.4.54-bp151.4.3.1",
"lighttpd-mod_authn_sasl": "1.4.54-bp151.4.3.1",
"lighttpd-mod_cml": "1.4.54-bp151.4.3.1",
"lighttpd-mod_vhostdb_dbi": "1.4.54-bp151.4.3.1",
"lighttpd-mod_maxminddb": "1.4.54-bp151.4.3.1",
"lighttpd-mod_vhostdb_ldap": "1.4.54-bp151.4.3.1",
"lighttpd-mod_mysql_vhost": "1.4.54-bp151.4.3.1",
"lighttpd-mod_webdav": "1.4.54-bp151.4.3.1"
}
]
}
SUSE:Package Hub 15 SP1 / lighttpd
Package
- Name
- lighttpd
- Purl
- pkg:rpm/suse/lighttpd&distro=SUSE%20Package%20Hub%2015%20SP1
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed1.4.54-bp151.4.3.1
Ecosystem specific
{
"binaries": [
{
"lighttpd-mod_vhostdb_mysql": "1.4.54-bp151.4.3.1",
"lighttpd-mod_authn_pam": "1.4.54-bp151.4.3.1",
"lighttpd-mod_trigger_b4_dl": "1.4.54-bp151.4.3.1",
"lighttpd": "1.4.54-bp151.4.3.1",
"lighttpd-mod_authn_ldap": "1.4.54-bp151.4.3.1",
"lighttpd-mod_authn_gssapi": "1.4.54-bp151.4.3.1",
"lighttpd-mod_magnet": "1.4.54-bp151.4.3.1",
"lighttpd-mod_authn_mysql": "1.4.54-bp151.4.3.1",
"lighttpd-mod_geoip": "1.4.54-bp151.4.3.1",
"lighttpd-mod_rrdtool": "1.4.54-bp151.4.3.1",
"lighttpd-mod_vhostdb_pgsql": "1.4.54-bp151.4.3.1",
"lighttpd-mod_authn_sasl": "1.4.54-bp151.4.3.1",
"lighttpd-mod_cml": "1.4.54-bp151.4.3.1",
"lighttpd-mod_vhostdb_dbi": "1.4.54-bp151.4.3.1",
"lighttpd-mod_maxminddb": "1.4.54-bp151.4.3.1",
"lighttpd-mod_vhostdb_ldap": "1.4.54-bp151.4.3.1",
"lighttpd-mod_mysql_vhost": "1.4.54-bp151.4.3.1",
"lighttpd-mod_webdav": "1.4.54-bp151.4.3.1"
}
]
}
openSUSE:Leap 15.0 / lighttpd
Package
- Name
- lighttpd
- Purl
- pkg:rpm/opensuse/lighttpd&distro=openSUSE%20Leap%2015.0
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed1.4.54-bp151.4.3.1
Ecosystem specific
{
"binaries": [
{
"lighttpd-mod_vhostdb_mysql": "1.4.54-bp151.4.3.1",
"lighttpd-mod_authn_pam": "1.4.54-bp151.4.3.1",
"lighttpd-mod_trigger_b4_dl": "1.4.54-bp151.4.3.1",
"lighttpd": "1.4.54-bp151.4.3.1",
"lighttpd-mod_authn_ldap": "1.4.54-bp151.4.3.1",
"lighttpd-mod_authn_gssapi": "1.4.54-bp151.4.3.1",
"lighttpd-mod_magnet": "1.4.54-bp151.4.3.1",
"lighttpd-mod_authn_mysql": "1.4.54-bp151.4.3.1",
"lighttpd-mod_geoip": "1.4.54-bp151.4.3.1",
"lighttpd-mod_rrdtool": "1.4.54-bp151.4.3.1",
"lighttpd-mod_vhostdb_pgsql": "1.4.54-bp151.4.3.1",
"lighttpd-mod_authn_sasl": "1.4.54-bp151.4.3.1",
"lighttpd-mod_cml": "1.4.54-bp151.4.3.1",
"lighttpd-mod_vhostdb_dbi": "1.4.54-bp151.4.3.1",
"lighttpd-mod_maxminddb": "1.4.54-bp151.4.3.1",
"lighttpd-mod_vhostdb_ldap": "1.4.54-bp151.4.3.1",
"lighttpd-mod_mysql_vhost": "1.4.54-bp151.4.3.1",
"lighttpd-mod_webdav": "1.4.54-bp151.4.3.1"
}
]
}
openSUSE:Leap 15.1 / lighttpd
Package
- Name
- lighttpd
- Purl
- pkg:rpm/opensuse/lighttpd&distro=openSUSE%20Leap%2015.1
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed1.4.54-bp151.4.3.1
Ecosystem specific
{
"binaries": [
{
"lighttpd-mod_vhostdb_mysql": "1.4.54-bp151.4.3.1",
"lighttpd-mod_authn_pam": "1.4.54-bp151.4.3.1",
"lighttpd-mod_trigger_b4_dl": "1.4.54-bp151.4.3.1",
"lighttpd": "1.4.54-bp151.4.3.1",
"lighttpd-mod_authn_ldap": "1.4.54-bp151.4.3.1",
"lighttpd-mod_authn_gssapi": "1.4.54-bp151.4.3.1",
"lighttpd-mod_magnet": "1.4.54-bp151.4.3.1",
"lighttpd-mod_authn_mysql": "1.4.54-bp151.4.3.1",
"lighttpd-mod_geoip": "1.4.54-bp151.4.3.1",
"lighttpd-mod_rrdtool": "1.4.54-bp151.4.3.1",
"lighttpd-mod_vhostdb_pgsql": "1.4.54-bp151.4.3.1",
"lighttpd-mod_authn_sasl": "1.4.54-bp151.4.3.1",
"lighttpd-mod_cml": "1.4.54-bp151.4.3.1",
"lighttpd-mod_vhostdb_dbi": "1.4.54-bp151.4.3.1",
"lighttpd-mod_maxminddb": "1.4.54-bp151.4.3.1",
"lighttpd-mod_vhostdb_ldap": "1.4.54-bp151.4.3.1",
"lighttpd-mod_mysql_vhost": "1.4.54-bp151.4.3.1",
"lighttpd-mod_webdav": "1.4.54-bp151.4.3.1"
}
]
}