File _patchinfo of Package patchinfo.2374
<patchinfo>
  <issue id="850469" tracker="bnc">VUL-0: CVE-2013-4560: lighttpd: possible remote DoS</issue>
  <issue id="850468" tracker="bnc">VUL-0: CVE-2013-4559: lighttpd: privilege escalation from lighttpd configured user</issue>
  <issue id="849059" tracker="bnc">VUL-0: CVE-2013-4508: lighttpd using vulnerable cipher suites with SNI</issue>
  <issue id="CVE-2013-4560" tracker="cve" />
  <issue id="CVE-2013-4508" tracker="cve" />
  <issue id="CVE-2013-4559" tracker="cve" />
  <category>security</category>
  <rating>moderate</rating>
  <packager>darix</packager>
  <description>
- added cve-2013-4508.patch and
  cve-2013-4508-regression-bug729480.patch: (bnc#849059)
  When defining an ssl.cipher-list, it works for the 'default'
  HTTPS setup ($SERVER["socket"] 443 block), but when you utilize
  SNI ($HTTP["host"] blocks within the $SERVER["socket"] block)
  the ssl.cipher-list seems to not inherit into the host blocks
  and instead will default to include all of the available
  openssl ciphers (except SSL v2/v3 based if those are disabled)
- added cve-2013-4559.patch (bnc#850468)
  check success of setuid,setgid,setgroups
- added cve-2013-4560.patch (bnc#850469)
  FAM: fix use after free
  </description>
  <summary>update for lighttpd</summary>
</patchinfo>