CVE-2008-1531
Published: 27 March 2008
The connection_state_machine function (connections.c) in lighttpd 1.4.19 and earlier, and 1.5.x before 1.5.0, allows remote attackers to cause a denial of service (active SSL connection loss) by triggering an SSL error, such as disconnecting before a download has finished, which causes all active SSL connections to be lost.
Priority
Status
Package | Release | Status |
---|---|---|
lighttpd Launchpad, Ubuntu, Debian |
dapper |
Ignored
(end of life)
|
edgy |
Released
(1.4.13~r1370-1ubuntu1.7)
|
|
feisty |
Released
(1.4.13-9ubuntu4.6)
|
|
gutsy |
Released
(1.4.18-1ubuntu1.4)
|
|
hardy |
Released
(1.4.19-0ubuntu3)
|
|
intrepid |
Released
(1.4.19-0ubuntu3)
|
|
jaunty |
Released
(1.4.19-0ubuntu3)
|
|
karmic |
Released
(1.4.19-0ubuntu3)
|
|
upstream |
Released
(1.4.19)
|
|
Patches: debdiff: https://bugs.launchpad.net/ubuntu/jaunty/+source/lighttpd/+bug/279490 |