SUSE Package Hub - openSUSE-2019-2347

Update Info

openSUSE-2019-2347

Security update for lighttpd

Type: security

Severity: moderate

Issued: 2019-10-20

Description:

This update for lighttpd to version 1.4.54 fixes the following issues:

Security issues fixed:

- CVE-2018-19052: Fixed a path traversal in mod_alias (boo#1115016).
- Changed the default TLS configuration of lighttpd for better security out-of-the-box (boo#1087369).

References

CVE: CVE-2018-19052
Bugzilla: 1153722 lighttpd build faild after update postgesql to 11
Bugzilla: 1115016 VUL-0: CVE-2018-19052: lighttpd: An issue was discovered in mod_alias_physical_handler in mod_alias.c in lighttpd before 1.4.50. There is potential ../ path traversal of a single directory above an alias target, with a specific mod_alias co
Bugzilla: 1111733 Out of date package: openSUSE:Factory/lighttpd
Bugzilla: 1087369 Change default TLS configuration of lighttpd for better security out-of-the-box

Packages

lighttpd-1.4.54-bp151.4.3.1