Advisories:rPSA-2008-0132
From rPath Wiki
rPath Security Advisory 2008-0132-2
Published: 2008-03-31
Updated
- 2008-04-01 fix incompatibility with rPath Appliance Platform Agent 2
Products
- rPath Linux 1
Rating
- Major
Exposure Level Classification
- Remote Deterministic Denial of Service
Updated Versions
- lighttpd=conary.rpath.com@rpl:1/1.4.18-0.7-1
rPath Issue Tracking System
References
Description
- Previous versions of the lighttpd package are vulnerable to a remote
- Denial of Service attack in which the termination of one SSL connection
- may cause another concurrent SSL connection to terminate prematurely.
- lighttpd is not installed by default on rPath Linux systems, and no
- default configuration file is provided; only systems customized to
- include and configure lighttpd are vulnerable.
- Appliances built with rPath Appliance Platform Agent 2 use lighttpd and
- are vulnerable to this denial of service attack. All appliances built
- using rPath Appliance Platform Agent 2 should be updated to include the
- latest release of lighttpd.
- Appliances built with rPath Appliance Platform Agent 2 use lighttpd and
- are vulnerable to this denial of service attack. All appliances built
- using rPath Appliance Platform Agent 2 should be updated to include the
- latest release of lighttpd.
Copyright 2008 rPath, Inc. This file is distributed under the terms of the MIT License. A copy is available at http://www.rpath.com/permanent/mit-license.html