Updated lighttpd package fixes security vulnerabilities
Publication date: 19 Mar 2014
Modification date: 19 Mar 2014
Type: security
Affected Mageia releases: 3, 4
CVE: CVE-2014-2323, CVE-2014-2324
Description
lighttpd before 1.4.35 is vulnerable to SQL injection when mod_mysql_vhost is in use, due to insufficient validation of hostnames in HTTP requests (CVE-2014-2323).
lighttpd before 1.4.35 is possibly vulnerable to path traversal when either mod_evhost or mod_simple_vhost is in use, also due to insufficient validation of hostnames in HTTP requests (CVE-2014-2324).
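Both issues come down to the request hostname being used without strict validation. The following is an added example, not lighttpd's code and not the upstream fix: a strict Host header syntax check that can be run over Host values already extracted from logs or a front-end proxy. The function names and the sample values are hypothetical and constructed for illustration.

```python
import re

# RFC 1123 label: letters, digits, hyphen; 1-63 chars; no leading/trailing hyphen.
_LABEL = re.compile(r"(?!-)[A-Za-z0-9-]{1,63}(?<!-)")
_PORT = re.compile(r"[0-9]{1,5}")
_IPV6 = re.compile(r"\[[0-9A-Fa-f:.]{2,45}\]")


def is_valid_host(value):
    """Return True only for a syntactically strict Host header value."""
    if not value or len(value) > 255:
        return False
    port = None
    if value.startswith("["):                 # bracketed IPv6 literal, e.g. [::1]:443
        end = value.find("]")
        if end == -1:
            return False
        host, rest = value[:end + 1], value[end + 1:]
        if rest:
            if not rest.startswith(":"):
                return False
            port = rest[1:]
        if not _IPV6.fullmatch(host):
            return False
    else:
        host = value
        if ":" in value:
            host, port = value.rsplit(":", 1)
        if host.endswith("."):                # one trailing dot is legal
            host = host[:-1]
        # Quotes, slashes, empty labels ("..") and other characters that a
        # vhost module might pass into SQL or a filesystem path fail here.
        if not host or not all(_LABEL.fullmatch(l) for l in host.split(".")):
            return False
    if port is not None:
        if not _PORT.fullmatch(port) or int(port) > 65535:
            return False
    return True


def suspicious_hosts(values):
    """Return the Host values that fail strict validation, in input order."""
    return [v for v in values if not is_valid_host(v)]


# Constructed sample Host header values (not taken from real traffic).
SAMPLE = ["www.example.com", "example.com:8080", "[::1]:443",
          "a'b.example.com", "../conf", "example..com", "example.com:99999"]

if __name__ == "__main__":
    for bad in suspicious_hosts(SAMPLE):
        print("rejected:", repr(bad))
```

The check is deliberately stricter than what some deployments accept (underscores in names are rejected, for instance), so review flagged values before blocking on it.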
SRPMS
4/core
- lighttpd-1.4.33-4.1.mga4
3/core
- lighttpd-1.4.32-3.7.mga3