lighttpd is a lightweight high-performance web server.
Multiple vulnerabilities have been reported in lighttpd:
A remote attacker could exploit these vulnerabilities to cause a Denial of Service, to bypass intended access restrictions, to obtain sensitive information, or to possibly modify data.
There is no known workaround at this time.
All lighttpd users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=www-servers/lighttpd-1.4.20"
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
Gentoo | any | all | www-servers/lighttpd | < 1.4.20 | UNKNOWN |