Test ID:	1.3.6.1.4.1.25623.1.0.833878
Category:	SuSE Local Security Checks
Title:	openSUSE: Security Advisory for lighttpd (openSUSE-SU-2022:10140-1)
Summary:	The remote host is missing an update for the 'lighttpd'; package(s) announced via the openSUSE-SU-2022:10140-1 advisory.
Description:	Summary: The remote host is missing an update for the 'lighttpd' package(s) announced via the openSUSE-SU-2022:10140-1 advisory. Vulnerability Insight: This update for lighttpd fixes the following issues: lighttpd was updated to 1.4.67: * Update comment about TCP_INFO on OpenBSD * [mod_ajp13] fix crash with bad response headers (fixes #3170) * [core] handle RDHUP when collecting chunked body CVE-2022-41556 (boo#1203872) * [core] tweak streaming request body to backends * [core] handle ENOSPC with pwritev() (#3171) * [core] manually calculate off_t max (fixes #3171) * [autoconf] force large file support (#3171) * [multiple] quiet coverity warnings using casts * [meson] add license keyword to project declaration Affected Software/OS: 'lighttpd' package(s) on openSUSE Backports SLE-15-SP4. Solution: Please install the updated package(s). CVSS Score: 7.8 CVSS Vector: AV:N/AC:L/Au:N/C:N/I:N/A:C
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2022-41556 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OVOSBSCMLGCHH2Z74H64ZWVDFJFQTBC2/ https://security.gentoo.org/glsa/202210-12 https://git.lighttpd.net/lighttpd/lighttpd1.4/commit/b18de6f9264f914f7bf493abd3b6059343548e50 https://github.com/lighttpd/lighttpd1.4/compare/lighttpd-1.4.66...lighttpd-1.4.67 https://github.com/lighttpd/lighttpd1.4/pull/115
Copyright	Copyright (C) 2024 Greenbone AG

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.