lighttpd -- denial of service

ID DSA-1540
Type debian
Reporter Debian
Modified 2008-04-07T00:00:00


It was discovered that lighttpd, a fast webserver with minimal memory footprint, didn't correctly handle SSL errors. This could allow a remote attacker to disconnect all active SSL connections.

For the stable distribution (etch), this problem has been fixed in version 1.4.13-4etch7.

We recommend that you upgrade your lighttpd package.