lighttpd Malformed HTTP Request Remote Denial of Service Vulnerability

2010-02-04T00:00:00
ID SSV:19062
Type seebug
Reporter Root
Modified 2010-02-04T00:00:00

Description

BUGTRAQ ID: 38036 CVE ID: CVE-2010-0295

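Lighttpd is a lightweight, open-source web server package.

Each time the lighttpd server receives a network packet, it allocates 4K or 16K of heap memory. If a remote attacker sends an HTTP request slowly (for example, 1 byte per second), all available memory is exhausted and the server terminates.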
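The per-read allocation described above, modelled as an added example (not lighttpd's code and not the vendor patch): a hypothetical chunk queue buffers the same constructed request once with a fresh 4K chunk for every read and once filling the tail chunk first, so the heap held per connection can be compared. `struct chunkqueue`, `cq_append` and `heap_for_request` are names assumed for this illustration.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define CHUNK_SIZE 4096 /* the advisory cites 4K (or 16K) per received packet */

/* Hypothetical per-connection receive queue: a linked list of fixed-size chunks. */
struct chunk { struct chunk *next; size_t used; char data[CHUNK_SIZE]; };
struct chunkqueue { struct chunk *first, *last; size_t allocated; };

static struct chunk *cq_grow(struct chunkqueue *cq)
{
    struct chunk *c = calloc(1, sizeof(*c));
    if (!c) return NULL;
    if (cq->last) cq->last->next = c; else cq->first = c;
    cq->last = c;
    cq->allocated += sizeof(*c);
    return c;
}

/* Buffer one read. reuse_tail=0: a fresh chunk for every read (the weak
 * pattern). reuse_tail=1: fill the free space in the tail chunk first. */
static int cq_append(struct chunkqueue *cq, const char *buf, size_t len, int reuse_tail)
{
    struct chunk *c = reuse_tail ? cq->last : NULL;
    while (len > 0) {
        if (!c || c->used == CHUNK_SIZE) {
            if (!(c = cq_grow(cq))) return -1;
        }
        size_t n = CHUNK_SIZE - c->used;
        if (n > len) n = len;
        memcpy(c->data + c->used, buf, n);
        c->used += n; buf += n; len -= n;
    }
    return 0;
}

static void cq_free(struct chunkqueue *cq)
{
    for (struct chunk *c = cq->first, *next; c; c = next) { next = c->next; free(c); }
    cq->first = cq->last = NULL;
}

/* Feed a constructed request of request_len bytes in reads of read_size bytes
 * and return the heap the connection holds once the last byte is buffered. */
size_t heap_for_request(size_t request_len, size_t read_size, int reuse_tail)
{
    struct chunkqueue cq = {0};
    char *req = malloc(request_len);
    if (!req || read_size == 0) { free(req); return 0; }
    memset(req, 'A', request_len); /* constructed filler, not a real request */
    for (size_t off = 0; off < request_len; off += read_size) {
        size_t n = request_len - off < read_size ? request_len - off : read_size;
        if (cq_append(&cq, req + off, n, reuse_tail) != 0) break;
    }
    size_t held = cq.allocated;
    cq_free(&cq);
    free(req);
    return held;
}

int main(void)
{
    printf("600 B, 1 B/read, chunk per read: %zu bytes\n", heap_for_request(600, 1, 0));
    printf("600 B, 1 B/read, tail reuse:     %zu bytes\n", heap_for_request(600, 1, 1));
    printf("600 B, single read:              %zu bytes\n", heap_for_request(600, 600, 0));
    return 0;
}
```

With tail reuse the heap held by a connection tracks the bytes actually received, so a per-connection request-size limit and read timeout then bound it regardless of how the client fragments its writes.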

LightTPD LightTPD 1.5
LightTPD LightTPD 1.4.x

Vendor patches:

Debian

Debian has released a security advisory (DSA-1987-1) and corresponding patches for this issue:
DSA-1987-1: lighttpd -- denial of service
Link: http://www.debian.org/security/2010/dsa-1987

Patch downloads:


Debian GNU/Linux 5.0 alias lenny


Debian (stable)


Stable updates are available for alpha, amd64, arm, armel, hppa, i386, ia64, mips, mipsel, powerpc, s390 and sparc.


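Patch installation:

  1. Install the patch packages manually:

First, download the patch package with the following command:
# wget url (where url is the patch download link)

Then install the patch with the following command:
# dpkg -i file.deb (where file is the name of the corresponding patch package)

  2. Install the patch packages automatically with apt-get:

First, update the internal database with the following command:
# apt-get update

Then install the updated packages with the following command:
# apt-get upgrade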

LightTPD

The vendor has released an upgrade patch that fixes this security issue; download it from the vendor's site:

http://download.lighttpd.net/lighttpd/security/lighttpd-1.4.x_fix_slow_request_dos.patch

## slow_test.sh
for ((j=0;j<1000;j++)) do
  for ((i=0; i<50; i++)) do
  ## slow_client is a C program which sends a HTTP request very slowly
    ./slow_client http://xxx.xxx.xxx.xxx:8080/>/dev/null 2>/dev/null &
  done&
  sleep 3
done