AnNyung Official Homepage Home > Update [ 1.3 ]  

HOME
What is AnNyung
Documents
Packages System
White Paper
Download
Update
  . 3.x [RSS]
  . 2.x [RSS]
  . 1.3 [RSS]
  . 1.2 [RSS]
  . 1.1 [RSS]
  . 1.0 [RSS]
FAQ
Hardware
RoadMap
Gallery

  Go oops.org
  AnNyung banner 88x31

  AnNyung 1 banner 80x15
  AnNyung 2 banner 80x15
  AnNyung 3 banner 80x15
  AnNyung banner 80x15
  AnNyung banner 80x15



lighttpd 보안 업데이트
Web Browser 로는 FTP 접속이 불가능 합니다.

문서번호 : 1204813265
업데이트 : 2008.03.06


상세내용

lighttpd 1.4.18-6 보안 업데이트

. CVE-2008-1111
When mod_cgi running onlighttpd is unable to fork anymore (for instance if
ulimit is reached) lighty sends the full source of the cgi script. This is
rather serious and affects all users of mod_cgi. The patch (found at lighttpd's
subversion repository) returns a 500 response instead.

업데이트 사항

- remove broken workaround for buggy Opera version with ssl/chunked encoding (#285)
- prevent crash in certain php-fcgi configurations (#841)
- remove compress cache file if compression or write failed (#1150)
- generate etag/last-modified header for on-the-fly-compressed files (#1171)
- req-method OPTIONS: do not insert default response if request was denied, do not
  deny OPTIONS by default (#1324)
- fixed initgroups() called after chroot (#1384)
- do not suppress content on "307 Temporary Redirect" (#1412)
- fixed Content-Length header if response body gets removed in connections.c (#1412, part 2)
- execute fcgi app without /bin/sh if used as argument to spawn-fcgi (#1428)
- reset conditional cache (#1164)
- do not add Accept-Ranges header if range-request is disabled (#1449)
- fixed case-sensitive check for Auth-Method (#1456)
- fixed a bug that made /-prefixed extensions being handled also when
  matching the end of the uri in fcgi,scgi and proxy modules (#1489)
- log the ip of failed auth tries in error.log (enhancement #1544)
- fixed out of range access in fd array (#1562, #372)
- check for symlinks after successful pathinfo matching (#1574)
- spawn-fcgi: only try to connect to unix socket (not tcp) before spawning (#1575)
- fix min-procs handling in mod_scgi.c, just set to max-procs (patch from #623)

Autoupdates 지원 : Pakcages System 이용
  pkgadd -F lighttpd


update 패키지

  RPMS :

    . lighttpd-1.4.18-6.i686.rpm

  SRPMS :

    . lighttpd-1.4.18-6.src.rpm


참고 :
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1111
https://bugs.gentoo.org/show_bug.cgi?id=211956
http://trac.lighttpd.net/trac/changeset/2107



    



 Home > Update [ 1.3 ]

Copyright 2024 OOPS Development Organization 
LAST MODIFIED: 2018/04/10