Ubuntu Security Notice USN-5903-1

Ubuntu Security Notice 5903-1 - It was discovered that lighttpd incorrectly handled certain inputs, which could result in a stack buffer overflow. A remote attacker could possibly use this issue to cause a denial of service.

Packet Storm
Tags: vulnerability, web, ubuntu, dos, buffer_overflow
=========================================================================
Ubuntu Security Notice USN-5903-1
February 28, 2023

lighttpd vulnerabilities
=========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 22.10
- Ubuntu 22.04 LTS
- Ubuntu 20.04 LTS

Summary:

Several security issues were fixed in lighttpd.

Software Description:
- lighttpd: fast webserver with minimal memory footprint

Details:

It was discovered that lighttpd incorrectly handled certain inputs, which could result in a stack buffer overflow. A remote attacker could possibly use this issue to cause a denial of service (DoS). (CVE-2022-22707, CVE-2022-41556)

Update instructions:

The problem can be corrected by updating your system to the following package versions:

Ubuntu 22.10:
  lighttpd                        1.4.65-2ubuntu1.1

Ubuntu 22.04 LTS:
  lighttpd                        1.4.63-1ubuntu3.1

Ubuntu 20.04 LTS:
  lighttpd                        1.4.55-1ubuntu1.20.04.2

After a standard system update you need to restart lighttpd to make all the necessary changes.

References:
  https://ubuntu.com/security/notices/USN-5903-1
  CVE-2022-22707, CVE-2022-41556

Package Information:
  https://launchpad.net/ubuntu/+source/lighttpd/1.4.65-2ubuntu1.1
  https://launchpad.net/ubuntu/+source/lighttpd/1.4.63-1ubuntu3.1
  https://launchpad.net/ubuntu/+source/lighttpd/1.4.55-1ubuntu1.20.04.2
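An added check, not part of the notice or of Ubuntu's own tooling, that tells whether the lighttpd package installed on one of the listed releases is at or above the fixed version. It implements dpkg's version ordering instead of a plain string comparison, because revisions like 1.4.55-1ubuntu1.20.04.2 or 1ubuntu10 versus 1ubuntu3.1 do not sort correctly as strings; the version table is copied from the notice, and the `__main__` part assumes a Debian-style host where `dpkg-query -W --showformat='${Version}' lighttpd` prints the installed version.

```python
# Added example (not from the notice): is the installed lighttpd at or past the
# USN-5903-1 fix? Follows dpkg's ordering: epoch, then upstream, then revision;
# '~' sorts before anything (even end of string), digit runs compare numerically.
import re
from itertools import zip_longest

FIXED_VERSIONS = {  # fixed package versions per release, from the notice
    "22.10": "1.4.65-2ubuntu1.1",
    "22.04": "1.4.63-1ubuntu3.1",
    "20.04": "1.4.55-1ubuntu1.20.04.2",
}

def _weight(c):  # dpkg weight of one non-digit character; "" means end of string
    if c == "~":
        return -1
    if c == "" or c.isdigit():
        return 0
    return ord(c) if c.isalpha() else ord(c) + 256

def _verrevcmp(a, b):  # compare upstream or revision strings: <0, 0 or >0
    # split each string into alternating (non-digit run, digit run) pairs
    pairs_a = re.findall(r"(\D*)(\d*)", a)
    pairs_b = re.findall(r"(\D*)(\d*)", b)
    for (na, da), (nb, db) in zip_longest(pairs_a, pairs_b, fillvalue=("", "")):
        for ca, cb in zip_longest(na, nb, fillvalue=""):  # lexical part, by weight
            if _weight(ca) != _weight(cb):
                return _weight(ca) - _weight(cb)
        if int(da or 0) != int(db or 0):  # numeric part (leading zeros ignored)
            return int(da or 0) - int(db or 0)
    return 0

def compare_versions(a, b):  # same answer as `dpkg --compare-versions`: -1, 0 or 1
    def split(v):  # [epoch:]upstream[-revision]; epoch defaults to 0, revision to ""
        epoch, rest = v.split(":", 1) if ":" in v else ("0", v)
        upstream, revision = rest.rsplit("-", 1) if "-" in rest else (rest, "")
        return int(epoch), upstream, revision
    (ea, ua, ra), (eb, ub, rb) = split(a), split(b)
    r = (ea > eb) - (ea < eb) or _verrevcmp(ua, ub) or _verrevcmp(ra, rb)
    return (r > 0) - (r < 0)

def is_patched(release, installed):  # release key like "22.04", e.g. from /etc/os-release
    return compare_versions(installed, FIXED_VERSIONS[release]) >= 0

if __name__ == "__main__":  # usage: python3 check.py 22.04  (assumes dpkg-query exists)
    import subprocess, sys
    cmd = ["dpkg-query", "-W", "--showformat=${Version}", "lighttpd"]
    ver = subprocess.run(cmd, capture_output=True, text=True, check=True).stdout.strip()
    print(f"lighttpd {ver}: {'patched' if is_patched(sys.argv[1], ver) else 'VULNERABLE'}")
```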

Related news

CVE-2022-41556: [core] release connections in CLOSE_WAIT & CON_STATE_READ_POST state by gmd20 · Pull Request #115 · lighttpd/lighttpd1.4

A resource leak in gw_backend.c in lighttpd 1.4.56 through 1.4.66 could lead to a denial of service (connection-slot exhaustion) after a large amount of anomalous TCP behavior by clients. It is related to RDHUP mishandling in certain HTTP/1.1 chunked situations. Use of mod_fastcgi is, for example, affected. This is fixed in 1.4.67.
