[prev in list] [next in list] [prev in thread] [next in thread] 

List:       oss-security
Subject:    [oss-security] lighttpd 1.4.32 released, fixing CVE-2012-5533
From:       Stefan =?UTF-8?B?QsO8aGxlcg==?= <stbuehler () lighttpd ! net>
Date:       2012-11-21 12:20:13
Message-ID: 20121121132013.350a82fb () chromobil ! local
[Download RAW message or body]


Hi,

we just released lighttpd 1.4.32, fixing a DoS reported by Jesse
Sipprell from McClatchy Interactive, Inc.

Sending "Connection: TE,,Keep-Alive" as header will trigger an endless
loop; as lighttpd is single threaded all request handling will stop
immediately.

Only lighttpd 1.4.31 is affected by this.

For more details and other changes see:
* http://www.lighttpd.net/2012/11/21/1-4-32/
* http://download.lighttpd.net/lighttpd/security/lighttpd_sa_2012_01.txt

Regards,
Stefan

["signature.asc" (application/pgp-signature)]

[prev in list] [next in list] [prev in thread] [next in thread]