lighttpd: Multiple vulnerabilities Multiple vulnerabilities have been found in lighttpd, allowing remote attackers cause a Denial of Service condition or execute arbitrary SQL statements. lighttpd 2014-06-13 2014-06-13 392581 444179 490432 491154 504330 remote 1.4.35 1.4.35

lighttpd is a lightweight high-performance web server.

Multiple vulnerabilities have been discovered in lighttpd. Please review the CVE identifiers referenced below for details.

A remote attacker could create a Denial of Service condition. Futhermore, a remote attacker may be able to execute arbitrary SQL statements.

There is no known workaround at this time.

All lighttpd users should upgrade to the latest version:

# emerge --sync # emerge --ask --oneshot --verbose ">=www-servers/lighttpd-1.4.35" CVE-2011-4362 CVE-2012-5533 CVE-2013-4508 CVE-2013-4559 CVE-2013-4560 CVE-2014-2323 craig ackle