Bugzilla – Bug 1203872
VUL-0: CVE-2022-41556: lighttpd: resource leak in mod_fastcgi and mod_scgi could lead to a denial of service after a large number of bad HTTP requests
Last modified: 2022-10-03 16:27:44 UTC
CVE-2022-41556 Several vulnerabilities were discovered in lighttpd, a fast webserver with minimal memory footprint. CVE-2022-41556 A resource leak in mod_fastcgi and mod_scgi could lead to a denial of service after a large number of bad HTTP requests. Upstream PR and commits: https://github.com/lighttpd/lighttpd1.4/pull/115 https://github.com/lighttpd/lighttpd1.4/commit/b18de6f9264f914f7bf493abd3b6059343548e50 For the stable distribution (bullseye), these problems have been fixed in version 1.4.59-1+deb11u2. We recommend that you upgrade your lighttpd packages. For the detailed security status of lighttpd please refer to its security tracker page at: \ https://security-tracker.debian.org/tracker/lighttpd References: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-41556 https://security-tracker.debian.org/tracker/DSA-5243-1
SUSE codestreams not affected, openSUSE:Factory already fixed. Backports affected: openSUSE:Backports:SLE-15-SP3:Update openSUSE:Backports:SLE-15-SP4:Update
submitted
This is an autogenerated message for OBS integration: This bug (1203872) was mentioned in https://build.opensuse.org/request/show/1006862 Factory / lighttpd https://build.opensuse.org/request/show/1006863 Backports:SLE-15-SP3+Backports:SLE-15-SP4 / lighttpd
openSUSE-SU-2022:10140-1: An update that fixes one vulnerability is now available. Category: security (moderate) Bug References: 1203872 CVE References: CVE-2022-41556 JIRA References: Sources used: openSUSE Backports SLE-15-SP4 (src): lighttpd-1.4.67-bp154.2.6.1 openSUSE Backports SLE-15-SP3 (src): lighttpd-1.4.67-bp153.2.12.1
Done