
memory footprint

[SECURITY] [DSA-1645-1] New lighttpd packages fix various problems

Problem type   : remote
Debian-specific: No
CVE Id(s)      : CVE-2008-4298 CVE-2008-4359 CVE-2008-4360

Several local/remote vulnerabilities have been discovered in lighttpd,
a fast webserver with minimal memory footprint. 

The Common Vulnerabilities and Exposures project identifies the following 
problems:

CVE-2008-4298

[SECURITY] [DSA 1987-1] New lighttpd packages fix denial of service

Debian-specific: no
Debian bug     : none
CVE ID         : CVE-2010-0295

Li Ming discovered that lighttpd, a small and fast webserver with minimal
memory footprint, is vulnerable to a denial of service attack due to bad
memory handling.  Slowly sending very small chunks of request data causes
lighttpd to allocate new buffers for each read instead of appending to
old ones.  An attacker can abuse this behaviour to cause denial of service
conditions due to memory exhaustion.


[SECURITY] [DSA 1521-1] New lighttpd packages fix arbitrary file disclosure

Problem type   : remote
Debian-specific: no
CVE Id(s)      : CVE-2008-1270

Julien Cayzac discovered that under certain circumstances lighttpd,
a fast webserver with minimal memory footprint, might allow the reading
of arbitrary files from the system.  This problem could only occur
with a non-standard configuration.

For the stable distribution (etch), this problem has been fixed in 
version 1.4.13-4etch6.

[SECURITY] [DSA 1609-1] New lighttpd packages fix multiple DOS issues

Debian-specific: no
CVE Id(s)      : CVE-2008-0983 CVE-2007-3948
Debian Bug     : 434888 466663

Several local/remote vulnerabilities have been discovered in lighttpd,
a fast webserver with minimal memory footprint.

The Common Vulnerabilities and Exposures project identifies the 
following problems:

CVE-2008-0983

CORE-2008-0124: Multiple vulnerabilities in Google's Android SDK

 #1 - GIF image parsing heap overflow

The Graphics Interchange Format (GIF) is an image format dating at least
from 1989 [7]. It was popularized because GIF images can be compressed
using the Lempel-Ziv-Welch (LZW) compression technique, thus reducing the
memory footprint and bandwidth required for transmission and storage.

A memory corruption condition happens within the GIF processing library
of the WebKit framework when the function 'GIFImageDecoder::onDecode()'
allocates a heap buffer based on the _Logical Screen Width and Height_
fields of the GIF header (offsets 6 and 8) and then the resulting buffer



Copyright © 1995-2012 LinuxRocket.net. All rights reserved.