Overview

File _patchinfo of Package patchinfo.17679

<patchinfo incident="17679">
  <issue tracker="cve" id="2022-41556"/>
  <issue tracker="bnc" id="1203872">VUL-0: CVE-2022-41556: lighttpd: resource leak in mod_fastcgi and mod_scgi could lead to a denial of service after a large number of bad HTTP requests</issue>
  <packager>AndreasStieger</packager>
  <rating>moderate</rating>
  <category>security</category>
  <summary>Security update for lighttpd</summary>
  <description>This update for lighttpd fixes the following issues:

lighttpd was updated to 1.4.67:

* Update comment about TCP_INFO on OpenBSD
* [mod_ajp13] fix crash with bad response headers (fixes #3170)
* [core] handle RDHUP when collecting chunked body CVE-2022-41556 (boo#1203872)
* [core] tweak streaming request body to backends
* [core] handle ENOSPC with pwritev() (#3171)
* [core] manually calculate off_t max (fixes #3171)
* [autoconf] force large file support (#3171)
* [multiple] quiet coverity warnings using casts
* [meson] add license keyword to project declaration
</description>
</patchinfo>
openSUSE Build Service is sponsored by
Places