openSUSE-SU-2022:10140-1

See a problem?
Import Source
https://ftp.suse.com/pub/projects/security/osv/openSUSE-SU-2022:10140-1.json
JSON Data
https://api.osv.dev/v1/vulns/openSUSE-SU-2022:10140-1
Related
Published
2022-10-03T12:02:08Z
Modified
2022-10-03T12:02:08Z
Summary
Security update for lighttpd
Details

This update for lighttpd fixes the following issues:

lighttpd was updated to 1.4.67:

  • Update comment about TCP_INFO on OpenBSD
  • [mod_ajp13] fix crash with bad response headers (fixes #3170)
  • [core] handle RDHUP when collecting chunked body CVE-2022-41556 (boo#1203872)
  • [core] tweak streaming request body to backends
  • [core] handle ENOSPC with pwritev() (#3171)
  • [core] manually calculate off_t max (fixes #3171)
  • [autoconf] force large file support (#3171)
  • [multiple] quiet coverity warnings using casts
  • [meson] add license keyword to project declaration
References

Affected packages

SUSE:Package Hub 15 SP3 / lighttpd

Package

Name
lighttpd
Purl
pkg:rpm/suse/lighttpd&distro=SUSE%20Package%20Hub%2015%20SP3

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
1.4.67-bp154.2.6.1

Ecosystem specific 

{
    "binaries": [
        {
            "lighttpd-mod_vhostdb_mysql": "1.4.67-bp154.2.6.1",
            "lighttpd-mod_vhostdb_dbi": "1.4.67-bp154.2.6.1",
            "lighttpd-mod_maxminddb": "1.4.67-bp154.2.6.1",
            "lighttpd-mod_vhostdb_ldap": "1.4.67-bp154.2.6.1",
            "lighttpd-mod_authn_gssapi": "1.4.67-bp154.2.6.1",
            "lighttpd-mod_authn_pam": "1.4.67-bp154.2.6.1",
            "lighttpd": "1.4.67-bp154.2.6.1",
            "lighttpd-mod_authn_ldap": "1.4.67-bp154.2.6.1",
            "lighttpd-mod_magnet": "1.4.67-bp154.2.6.1",
            "lighttpd-mod_rrdtool": "1.4.67-bp154.2.6.1",
            "lighttpd-mod_vhostdb_pgsql": "1.4.67-bp154.2.6.1",
            "lighttpd-mod_webdav": "1.4.67-bp154.2.6.1",
            "lighttpd-mod_authn_sasl": "1.4.67-bp154.2.6.1"
        }
    ]
}

SUSE:Package Hub 15 SP4 / lighttpd

Package

Name
lighttpd
Purl
pkg:rpm/suse/lighttpd&distro=SUSE%20Package%20Hub%2015%20SP4

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
1.4.67-bp154.2.6.1

Ecosystem specific 

{
    "binaries": [
        {
            "lighttpd-mod_vhostdb_mysql": "1.4.67-bp154.2.6.1",
            "lighttpd-mod_vhostdb_dbi": "1.4.67-bp154.2.6.1",
            "lighttpd-mod_maxminddb": "1.4.67-bp154.2.6.1",
            "lighttpd-mod_vhostdb_ldap": "1.4.67-bp154.2.6.1",
            "lighttpd-mod_authn_gssapi": "1.4.67-bp154.2.6.1",
            "lighttpd-mod_authn_pam": "1.4.67-bp154.2.6.1",
            "lighttpd": "1.4.67-bp154.2.6.1",
            "lighttpd-mod_authn_ldap": "1.4.67-bp154.2.6.1",
            "lighttpd-mod_magnet": "1.4.67-bp154.2.6.1",
            "lighttpd-mod_rrdtool": "1.4.67-bp154.2.6.1",
            "lighttpd-mod_vhostdb_pgsql": "1.4.67-bp154.2.6.1",
            "lighttpd-mod_webdav": "1.4.67-bp154.2.6.1",
            "lighttpd-mod_authn_sasl": "1.4.67-bp154.2.6.1"
        }
    ]
}

openSUSE:Leap 15.3 / lighttpd

Package

Name
lighttpd
Purl
pkg:rpm/opensuse/lighttpd&distro=openSUSE%20Leap%2015.3

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
1.4.67-bp154.2.6.1

Ecosystem specific 

{
    "binaries": [
        {
            "lighttpd-mod_vhostdb_mysql": "1.4.67-bp154.2.6.1",
            "lighttpd-mod_vhostdb_dbi": "1.4.67-bp154.2.6.1",
            "lighttpd-mod_maxminddb": "1.4.67-bp154.2.6.1",
            "lighttpd-mod_vhostdb_ldap": "1.4.67-bp154.2.6.1",
            "lighttpd-mod_authn_gssapi": "1.4.67-bp154.2.6.1",
            "lighttpd-mod_authn_pam": "1.4.67-bp154.2.6.1",
            "lighttpd": "1.4.67-bp154.2.6.1",
            "lighttpd-mod_authn_ldap": "1.4.67-bp154.2.6.1",
            "lighttpd-mod_magnet": "1.4.67-bp154.2.6.1",
            "lighttpd-mod_rrdtool": "1.4.67-bp154.2.6.1",
            "lighttpd-mod_vhostdb_pgsql": "1.4.67-bp154.2.6.1",
            "lighttpd-mod_webdav": "1.4.67-bp154.2.6.1",
            "lighttpd-mod_authn_sasl": "1.4.67-bp154.2.6.1"
        }
    ]
}

openSUSE:Leap 15.4 / lighttpd

Package

Name
lighttpd
Purl
pkg:rpm/opensuse/lighttpd&distro=openSUSE%20Leap%2015.4

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
1.4.67-bp154.2.6.1

Ecosystem specific 

{
    "binaries": [
        {
            "lighttpd-mod_vhostdb_mysql": "1.4.67-bp154.2.6.1",
            "lighttpd-mod_vhostdb_dbi": "1.4.67-bp154.2.6.1",
            "lighttpd-mod_maxminddb": "1.4.67-bp154.2.6.1",
            "lighttpd-mod_vhostdb_ldap": "1.4.67-bp154.2.6.1",
            "lighttpd-mod_authn_gssapi": "1.4.67-bp154.2.6.1",
            "lighttpd-mod_authn_pam": "1.4.67-bp154.2.6.1",
            "lighttpd": "1.4.67-bp154.2.6.1",
            "lighttpd-mod_authn_ldap": "1.4.67-bp154.2.6.1",
            "lighttpd-mod_magnet": "1.4.67-bp154.2.6.1",
            "lighttpd-mod_rrdtool": "1.4.67-bp154.2.6.1",
            "lighttpd-mod_vhostdb_pgsql": "1.4.67-bp154.2.6.1",
            "lighttpd-mod_webdav": "1.4.67-bp154.2.6.1",
            "lighttpd-mod_authn_sasl": "1.4.67-bp154.2.6.1"
        }
    ]
}