Test ID:	1.3.6.1.4.1.25623.1.1.10.2022.0369
Category:	Mageia Linux Local Security Checks
Title:	Mageia: Security Advisory (MGASA-2022-0369)
Summary:	The remote host is missing an update for the 'lighttpd' package(s) announced via the MGASA-2022-0369 advisory.
Description:	Summary: The remote host is missing an update for the 'lighttpd' package(s) announced via the MGASA-2022-0369 advisory. Vulnerability Insight: In lighttpd 1.4.65, mod_wstunnel does not initialize a handler function pointer if an invalid HTTP request (websocket handshake) is received. It leads to null pointer dereference which crashes the server. It could be used by an external attacker to cause denial of service condition. (CVE-2022-37797) A resource leak in mod_fastcgi and mod_scgi could lead to a denial of service after a large number of bad HTTP requests. (CVE-2022-41556) Affected Software/OS: 'lighttpd' package(s) on Mageia 8. Solution: Please install the updated package(s). CVSS Score: 7.8 CVSS Vector: AV:N/AC:L/Au:N/C:N/I:N/A:C
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2022-37797 Debian Security Information: DSA-5243 (Google Search) https://www.debian.org/security/2022/dsa-5243 https://security.gentoo.org/glsa/202210-12 https://redmine.lighttpd.net/issues/3165 https://lists.debian.org/debian-lts-announce/2022/10/msg00002.html Common Vulnerability Exposure (CVE) ID: CVE-2022-41556 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OVOSBSCMLGCHH2Z74H64ZWVDFJFQTBC2/ https://git.lighttpd.net/lighttpd/lighttpd1.4/commit/b18de6f9264f914f7bf493abd3b6059343548e50 https://github.com/lighttpd/lighttpd1.4/compare/lighttpd-1.4.66...lighttpd-1.4.67 https://github.com/lighttpd/lighttpd1.4/pull/115
Copyright	Copyright (C) 2022 Greenbone AG

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.