CVE-2008-1531
Published: 27 March 2008
The connection_state_machine function (connections.c) in lighttpd 1.4.19 and earlier, and 1.5.x before 1.5.0, allows remote attackers to cause a denial of service (active SSL connection loss) by triggering an SSL error, such as disconnecting before a download has finished, which causes all active SSL connections to be lost.
Priority
Status
| Package | Release | Status |
|---|---|---|
|
lighttpd Launchpad, Ubuntu, Debian |
dapper |
Ignored
(end of life)
|
| edgy |
Released
(1.4.13~r1370-1ubuntu1.7)
|
|
| feisty |
Released
(1.4.13-9ubuntu4.6)
|
|
| gutsy |
Released
(1.4.18-1ubuntu1.4)
|
|
| hardy |
Released
(1.4.19-0ubuntu3)
|
|
| intrepid |
Released
(1.4.19-0ubuntu3)
|
|
| jaunty |
Released
(1.4.19-0ubuntu3)
|
|
| karmic |
Released
(1.4.19-0ubuntu3)
|
|
| upstream |
Released
(1.4.19)
|
|
|
Patches: debdiff: https://bugs.launchpad.net/ubuntu/jaunty/+source/lighttpd/+bug/279490 |
||