SUSE:SLE-12-SP2:GA
File _patchinfo of Package patchinfo.4364
<patchinfo incident="4364">
  <issue id="932286" tracker="bnc">VUL-1: CVE-2015-3200: lighttpd: log injection via malformed base64 string in Authentication header</issue>
  <issue id="981347" tracker="bnc">VUL-1: lighttpd: logrotate configuration for lighttpd is missing "su" directive</issue>
  <issue id="990847" tracker="bnc">VUL-0: CVE-2016-1000212: lighttpd: Setting HTTP_PROXY environment variable via Proxy header (httpoxy)</issue>
  <issue id="2015-3200" tracker="cve" />
  <issue id="2016-1000212" tracker="cve" />
  <category>security</category>
  <rating>moderate</rating>
  <packager>darix</packager>
  <description>
This update for lighttpd fixes the following issues:

Security issues fixed:
- CVE-2016-1000212: don't allow requests to set the HTTP_PROXY variable. As *CGI apps might pick it up and use it for outgoing requests (bsc#990847).
- CVE-2015-3200: log injection via malformed base64 string in Authentication header (bsc#932286).

Bugfixes:
- added su directive to logrotate file as the directory is owned by lighttpd. (bsc#981347)
- fix out of bounds read in mod_scgi (debian#857255)
</description>
  <summary>Security update for lighttpd</summary>
</patchinfo>