Mageia Linux Local Security Checks : Mageia: Security Advisory (MGASA-2022-0369)

Anfälligkeitssuche		Suche in 324607 CVE Beschreibungen und 145615 Test Beschreibungen, Zugriff auf 10,000+ Quellverweise.
	Tests CVE Alle

Test Kennung: 1.3.6.1.4.1.25623.1.1.10.2022.0369

Kategorie: Mageia Linux Local Security Checks

Titel: Mageia: Security Advisory (MGASA-2022-0369)

Zusammenfassung: The remote host is missing an update for the 'lighttpd' package(s) announced via the MGASA-2022-0369 advisory.

Beschreibung: Summary:
The remote host is missing an update for the 'lighttpd' package(s) announced via the MGASA-2022-0369 advisory.

Vulnerability Insight:
In lighttpd 1.4.65, mod_wstunnel does not initialize a handler function
pointer if an invalid HTTP request (websocket handshake) is received. It
leads to null pointer dereference which crashes the server. It could be
used by an external attacker to cause denial of service condition.
(CVE-2022-37797)

A resource leak in mod_fastcgi and mod_scgi could lead to a denial of
service after a large number of bad HTTP requests. (CVE-2022-41556)

Affected Software/OS:
'lighttpd' package(s) on Mageia 8.

Solution:
Please install the updated package(s).

CVSS Score:
7.8

CVSS Vector:
AV:N/AC:L/Au:N/C:N/I:N/A:C

Querverweis: Common Vulnerability Exposure (CVE) ID: CVE-2022-37797
Debian Security Information: DSA-5243 (Google Search)
https://www.debian.org/security/2022/dsa-5243
https://security.gentoo.org/glsa/202210-12
https://redmine.lighttpd.net/issues/3165
https://lists.debian.org/debian-lts-announce/2022/10/msg00002.html
Common Vulnerability Exposure (CVE) ID: CVE-2022-41556
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OVOSBSCMLGCHH2Z74H64ZWVDFJFQTBC2/
https://git.lighttpd.net/lighttpd/lighttpd1.4/commit/b18de6f9264f914f7bf493abd3b6059343548e50
https://github.com/lighttpd/lighttpd1.4/compare/lighttpd-1.4.66...lighttpd-1.4.67
https://github.com/lighttpd/lighttpd1.4/pull/115

Copyright Copyright (C) 2022 Greenbone AG

Dies ist nur einer von 145615 Anfälligkeitstests in unserem Testpaket. Finden Sie mehr über unsere vollständigen Sicherheitsüberprüfungen heraus.
Um einen gratis Test für diese Anfälligkeit auf Ihrem System durchlaufen zu lassen, registrieren Sie sich bitte unten.

Test Kennung:	1.3.6.1.4.1.25623.1.1.10.2022.0369
Kategorie:	Mageia Linux Local Security Checks
Titel:	Mageia: Security Advisory (MGASA-2022-0369)
Zusammenfassung:	The remote host is missing an update for the 'lighttpd' package(s) announced via the MGASA-2022-0369 advisory.
Beschreibung:	Summary: The remote host is missing an update for the 'lighttpd' package(s) announced via the MGASA-2022-0369 advisory. Vulnerability Insight: In lighttpd 1.4.65, mod_wstunnel does not initialize a handler function pointer if an invalid HTTP request (websocket handshake) is received. It leads to null pointer dereference which crashes the server. It could be used by an external attacker to cause denial of service condition. (CVE-2022-37797) A resource leak in mod_fastcgi and mod_scgi could lead to a denial of service after a large number of bad HTTP requests. (CVE-2022-41556) Affected Software/OS: 'lighttpd' package(s) on Mageia 8. Solution: Please install the updated package(s). CVSS Score: 7.8 CVSS Vector: AV:N/AC:L/Au:N/C:N/I:N/A:C
Querverweis:	Common Vulnerability Exposure (CVE) ID: CVE-2022-37797 Debian Security Information: DSA-5243 (Google Search) https://www.debian.org/security/2022/dsa-5243 https://security.gentoo.org/glsa/202210-12 https://redmine.lighttpd.net/issues/3165 https://lists.debian.org/debian-lts-announce/2022/10/msg00002.html Common Vulnerability Exposure (CVE) ID: CVE-2022-41556 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OVOSBSCMLGCHH2Z74H64ZWVDFJFQTBC2/ https://git.lighttpd.net/lighttpd/lighttpd1.4/commit/b18de6f9264f914f7bf493abd3b6059343548e50 https://github.com/lighttpd/lighttpd1.4/compare/lighttpd-1.4.66...lighttpd-1.4.67 https://github.com/lighttpd/lighttpd1.4/pull/115
Copyright	Copyright (C) 2022 Greenbone AG