FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

lighttpd -- multiple vulnerabilities

Affected packages
lighttpd < 1.4.34


VuXML ID 90b27045-9530-11e3-9d09-000c2980a9f3
Discovery 2013-11-28
Entry 2014-02-14

lighttpd security advisories report:

It is possible to inadvertantly enable vulnerable ciphers when using ssl.cipher-list.

In certain cases setuid() and similar can fail, potentially triggering lighttpd to restart running as root.

If FAMMonitorDirectory fails, the memory intended to store the context is released; some lines below the "version" compoment of that context is read. Reading invalid data doesn't matter, but the memory access could trigger a segfault.


CVE Name CVE-2013-4508
CVE Name CVE-2013-4559
CVE Name CVE-2013-4560