Security update for lighttpd
This update for lighttpd to version 1.4.54 fixes the following issues:
Security issues fixed:
- CVE-2018-19052: Fixed a path traversal in mod_alias (boo#1115016).
- Changed the default TLS configuration of lighttpd for better security out-of-the-box (boo#1087369).
-
Submitted by
Andreas Stieger (AndreasStieger)
Fixed bugs
bnc#1087369
Change default TLS configuration of lighttpd for better security out-of-the-box
bnc#1111733
Out of date package: openSUSE:Factory/lighttpd
bnc#1153722
lighttpd build faild after update postgesql to 11
bnc#1115016
VUL-0: CVE-2018-19052: lighttpd: An issue was discovered in mod_alias_physical_handler in mod_alias.c in lighttpd before 1.4.50. There is potential ../ path traversal of a single directory above an alias target, with a specific mod_alias co
