Advisories » MGASA-2014-0133

Updated lighttpd package fixes security vulnerabilities

Publication date: 19 Mar 2014
Type: security
Affected Mageia releases: 3, 4
CVE: CVE-2014-2323, CVE-2014-2324

Description

SQL injection vulnerability in lighttpd before 1.4.35 when
mod_mysql_vhost is in use, due to insufficient validation of hostnames in
HTTP requests (CVE-2014-2323).

Possible path traversal vulnerabilities in lighttpd before 1.4.35 when
either mod_evhost or mod_simple_vhost is in use, due to insufficient
validation of hostnames in HTTP requests (CVE-2014-2324).
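
Both issues arise when a client-supplied hostname reaches a SQL query or a document-root path without sufficient validation. The following is an added example, not code from lighttpd or Mageia: a strict allowlist check for the Host value, where host_is_safe and port_ok are hypothetical names and the rule set (letter/digit/hyphen labels, bracketed IPv6 literal, optional port, no trailing dot) is an assumption that is stricter than DNS itself.

```c
#include <ctype.h>
#include <stddef.h>
#include <string.h>

/* Port must be 1 to 5 decimal digits. */
static int port_ok(const char *p) {
    size_t n = 0;
    while (p[n])
        if (!isdigit((unsigned char)p[n]) || ++n > 5) return 0;
    return n > 0;
}

/* Hypothetical helper (not lighttpd's API): accept only a DNS-style name or
 * a bracketed IPv6 literal, with an optional :port. Quotes, slashes, "..",
 * whitespace and control bytes are rejected before the value is used to
 * build a SQL query or a filesystem path. Returns 1 if safe, 0 otherwise. */
int host_is_safe(const char *host) {
    size_t i = 0, label = 0;
    if (host == NULL || host[0] == '\0' || strlen(host) > 255) return 0;

    if (host[0] == '[') {                        /* IPv6 literal */
        for (i = 1; host[i] && host[i] != ']'; i++)
            if (!isxdigit((unsigned char)host[i]) && host[i] != ':' && host[i] != '.')
                return 0;
        if (host[i] != ']' || i < 3) return 0;   /* shortest form is "[::]" */
        i++;
    } else {
        char prev = '.';                         /* marks the start of a label */
        for (; host[i] && host[i] != ':'; i++) {
            unsigned char c = (unsigned char)host[i];
            if (c == '.') {
                if (prev == '.' || prev == '-') return 0; /* empty label, or label ends in '-' */
                label = 0;
            } else if (isalnum(c) || c == '-') {
                if (c == '-' && prev == '.') return 0;    /* label starts with '-' */
                if (++label > 63) return 0;               /* DNS label length limit */
            } else {
                return 0;                        /* quote, slash, percent, space, ... */
            }
            prev = (char)c;
        }
        if (prev == '.' || prev == '-') return 0; /* empty name or trailing dot/hyphen */
    }
    if (host[i] == '\0') return 1;
    return host[i] == ':' && port_ok(host + i + 1);
}
```

A check like this at the request boundary complements escaping at the SQL and path-construction sites; it does not replace it.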
                

References

SRPMS

3/core

4/core