DSA 1987-1: New lighttpd packages fix denial of service
Posted on: 02/02/2010 01:25 PM

The Debian Security Team published a new security update for Debian GNU/Linux. Here the announcement:

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- --------------------------------------------------------------------------
Debian Security Advisory DSA-1987-1 security@debian.org
http://www.debian.org/security/ Nico Golde
February 2nd, 2010 http://www.debian.org/security/faq
- --------------------------------------------------------------------------

Package : lighttpd
Vulnerability : denial of service
Problem type : remote
Debian-specific: no
Debian bug : none
CVE ID : CVE-2010-0295

Li Ming discovered that lighttpd, a small and fast webserver with minimal
memory footprint, is vulnerable to a denial of service attack due to bad
memory handling. Slowly sending very small chunks of request data causes
lighttpd to allocate new buffers for each read instead of appending to
old ones. An attacker can abuse this behaviour to cause denial of service
conditions due to memory exhaustion.


For the oldstable distribution (etch), this problem has been fixed in
version 1.4.13-4etch12.

For the stable distribution (lenny), this problem has been fixed in
version 1.4.19-5+lenny1.

For the testing (squeeze) and unstable (sid) distribution, this problem
will be fixed soon.


We recommend that you upgrade your lighttpd packages.

Upgrade instructions
- --------------------

wget url
will fetch the file for you
dpkg -i file.deb
will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
will update the internal database
apt-get upgrade
will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.


Debian GNU/Linux 4.0 alias etch
- -------------------------------

Debian (oldstable)
- ------------------

Oldstable updates are available for alpha, amd64, arm, hppa, i386, ia64, mips, mipsel, powerpc, s390 and sparc.

Source archives:

http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd_1.4.13-4etch12.dsc
Size/MD5 checksum: 1108 a2be7a82e20970071251e5ca71fc660c
http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd_1.4.13.orig.tar.gz
Size/MD5 checksum: 793309 3a64323b8482b0e8a6246dbfdb4c39dc
http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd_1.4.13-4etch12.diff.gz
Size/MD5 checksum: 39820 9f05aa3a52053d707be87c0f35912ec3

Architecture independent packages:

http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-doc_1.4.13-4etch12_all.deb
Size/MD5 checksum: 101098 6c7d7bfa494d88c38e9d53d44afcf49e

alpha architecture (DEC Alpha)

http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-mysql-vhost_1.4.13-4etch12_alpha.deb
Size/MD5 checksum: 60370 f24388eda6bc606c663ef909d1484ba9
http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd_1.4.13-4etch12_alpha.deb
Size/MD5 checksum: 320406 3fd29fadf48816d99fe9baf030bb9a1e
http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-magnet_1.4.13-4etch12_alpha.deb
Size/MD5 checksum: 65202 0d22456f747d42de3c957350ffda2025
http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-webdav_1.4.13-4etch12_alpha.deb
Size/MD5 checksum: 72124 c913f4124bc228ca345264763f19c164
http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-trigger-b4-dl_1.4.13-4etch12_alpha.deb
Size/MD5 checksum: 62148 50582d9263916db3e5c3add5b0c82f40
http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-cml_1.4.13-4etch12_alpha.deb
Size/MD5 checksum: 65638 bc8798836eb898e969fa1c74ced2263d

amd64 architecture (AMD x86_64 (AMD64))

http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-trigger-b4-dl_1.4.13-4etch12_amd64.deb
Size/MD5 checksum: 61636 918877b620983d832971d5d3845f3c86
http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-mysql-vhost_1.4.13-4etch12_amd64.deb
Size/MD5 checksum: 59926 d72fad101197b9177348b3fdfe59020d
http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-magnet_1.4.13-4etch12_amd64.deb
Size/MD5 checksum: 64500 086df21a5fda61077c12b320407ccb26
http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-webdav_1.4.13-4etch12_amd64.deb
Size/MD5 checksum: 71032 bf00a3cd05e54d5aaa2cd91a9f79a5ac
http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-cml_1.4.13-4etch12_amd64.deb
Size/MD5 checksum: 64836 f604cc138b5a8de2b52f468efb3f0031
http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd_1.4.13-4etch12_amd64.deb
Size/MD5 checksum: 299794 08a9b33d69d1c7bb56d4b69a24205026

arm architecture (ARM)

http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-trigger-b4-dl_1.4.13-4etch12_arm.deb
Size/MD5 checksum: 61288 46a866402e943311aaeb5cbfb0eba5e3
http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd_1.4.13-4etch12_arm.deb
Size/MD5 checksum: 287600 eef09d18e1d37b7422adf10f06c97406
http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-mysql-vhost_1.4.13-4etch12_arm.deb
Size/MD5 checksum: 59154 66b50d93049f016e5e6447b8ef813902
http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-cml_1.4.13-4etch12_arm.deb
Size/MD5 checksum: 63548 e90e7a91f702f3d65be26eeed1ac1987
http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-magnet_1.4.13-4etch12_arm.deb
Size/MD5 checksum: 63340 dfd3a3db7d5e74c5abe7d64f3ec0d7f6
http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-webdav_1.4.13-4etch12_arm.deb
Size/MD5 checksum: 70208 f8818b2dca75f3204d6d63946631904e

hppa architecture (HP PA RISC)

http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-mysql-vhost_1.4.13-4etch12_hppa.deb
Size/MD5 checksum: 59804 67c275ae5602378c9c4690c53bda26b0
http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-cml_1.4.13-4etch12_hppa.deb
Size/MD5 checksum: 65376 4a4b7c631ad2ac9d112ecf58dba33edf
http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd_1.4.13-4etch12_hppa.deb
Size/MD5 checksum: 323098 1dec43cd0b18233203411686abcd1575
http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-magnet_1.4.13-4etch12_hppa.deb
Size/MD5 checksum: 64868 8aaaf46ad4b092dba1ed2729db0facd2
http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-webdav_1.4.13-4etch12_hppa.deb
Size/MD5 checksum: 72780 358ff940ee5da1aa7f1a20006a69c5ac
http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-trigger-b4-dl_1.4.13-4etch12_hppa.deb
Size/MD5 checksum: 61806 b3510b57940378f1a7ef8f4841866cb9

i386 architecture (Intel ia32)

http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-cml_1.4.13-4etch12_i386.deb
Size/MD5 checksum: 64392 b8f33f0e3411cf5451a0cea231409746
http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-magnet_1.4.13-4etch12_i386.deb
Size/MD5 checksum: 64184 c005107155f2ae5cd6167d1f1d793d36
http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-trigger-b4-dl_1.4.13-4etch12_i386.deb
Size/MD5 checksum: 61358 f29271c62a2aab415abf4780389ecb41
http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-mysql-vhost_1.4.13-4etch12_i386.deb
Size/MD5 checksum: 59596 206fb9cfe9234db85ee0d417c3436ab4
http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-webdav_1.4.13-4etch12_i386.deb
Size/MD5 checksum: 71496 6e6bef7d6a8665bd78763d37fed416ac
http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd_1.4.13-4etch12_i386.deb
Size/MD5 checksum: 290004 7a710389c6efef8a00b03ea2e960f17f

ia64 architecture (Intel ia64)

http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-webdav_1.4.13-4etch12_ia64.deb
Size/MD5 checksum: 77590 6b5a71e75c89a8326b6072b6bb022d68
http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-mysql-vhost_1.4.13-4etch12_ia64.deb
Size/MD5 checksum: 61692 617c3df2fd221fb5cecff9727120c307
http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-trigger-b4-dl_1.4.13-4etch12_ia64.deb
Size/MD5 checksum: 63572 acd66904a46dda5035bcb2663c300c63
http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-magnet_1.4.13-4etch12_ia64.deb
Size/MD5 checksum: 67886 444ecf614179b52ae21943765e10e605
http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-cml_1.4.13-4etch12_ia64.deb
Size/MD5 checksum: 68026 e1f719f2627bf0e4accf7b62c583096e
http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd_1.4.13-4etch12_ia64.deb
Size/MD5 checksum: 404182 499f06d73dd67f6261bac97c993badac

mipsel architecture (MIPS (Little Endian))

http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-webdav_1.4.13-4etch12_mipsel.deb
Size/MD5 checksum: 70550 dd5ffa7e015a857a820a7d1292c198a0
http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-trigger-b4-dl_1.4.13-4etch12_mipsel.deb
Size/MD5 checksum: 61260 28b00ec06cbb66c20a68fadf979e203c
http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd_1.4.13-4etch12_mipsel.deb
Size/MD5 checksum: 298420 0dd0ef6dff4f621fc5ba2fa57866a59d
http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-mysql-vhost_1.4.13-4etch12_mipsel.deb
Size/MD5 checksum: 59782 105197b36c2c6e99996be53030ef5df4
http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-cml_1.4.13-4etch12_mipsel.deb
Size/MD5 checksum: 64054 1c9287f4489e57f625a8f65c1f5eab20
http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-magnet_1.4.13-4etch12_mipsel.deb
Size/MD5 checksum: 63886 d0c610558df8be7632606549115ba047

powerpc architecture (PowerPC)

http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-magnet_1.4.13-4etch12_powerpc.deb
Size/MD5 checksum: 65878 163285bde244d4b9301870c3ed3bc109
http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-trigger-b4-dl_1.4.13-4etch12_powerpc.deb
Size/MD5 checksum: 63184 87516847b6e0a123fa6f6253688df4c1
http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-cml_1.4.13-4etch12_powerpc.deb
Size/MD5 checksum: 66156 21324ae7baf21a46121c357641e9f36a
http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-webdav_1.4.13-4etch12_powerpc.deb
Size/MD5 checksum: 72542 823d715bcb56b54d5504fce88e7edeec
http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-mysql-vhost_1.4.13-4etch12_powerpc.deb
Size/MD5 checksum: 61400 eaedc7afd640991e4a254d5075d68fae
http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd_1.4.13-4etch12_powerpc.deb
Size/MD5 checksum: 323732 7b170668d041f2019786bae992e623cd

s390 architecture (IBM S/390)

http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-mysql-vhost_1.4.13-4etch12_s390.deb
Size/MD5 checksum: 60200 a55b75f7dde8697326bb917d6adeabc8
http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-webdav_1.4.13-4etch12_s390.deb
Size/MD5 checksum: 72204 dd41f5030ff57ceaa582810ba24fc0ee
http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-magnet_1.4.13-4etch12_s390.deb
Size/MD5 checksum: 64866 472d22247b86c5861cd793712c182d9c
http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-trigger-b4-dl_1.4.13-4etch12_s390.deb
Size/MD5 checksum: 61740 5341aca4a88d614fa662cf153bcb897a
http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-cml_1.4.13-4etch12_s390.deb
Size/MD5 checksum: 65256 9c2a42a08dc7bdbc9bacabf74329269d
http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd_1.4.13-4etch12_s390.deb
Size/MD5 checksum: 307074 8f839f8e7f9228e949f2b50160bf1906

sparc architecture (Sun SPARC/UltraSPARC)

http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-webdav_1.4.13-4etch12_sparc.deb
Size/MD5 checksum: 70740 5ca564854c876d78662515db459c64e2
http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-magnet_1.4.13-4etch12_sparc.deb
Size/MD5 checksum: 64144 dfd8a2dbce6377c1d180f434d715e97c
http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd_1.4.13-4etch12_sparc.deb
Size/MD5 checksum: 285020 13bf19296e5a3761392c3d82c9934fed
http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-cml_1.4.13-4etch12_sparc.deb
Size/MD5 checksum: 64164 0a803bc9cd6ef27e59e71806d599f6de
http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-trigger-b4-dl_1.4.13-4etch12_sparc.deb
Size/MD5 checksum: 61238 76e2c32c82542369902ccb2ccaaa8c0e
http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-mysql-vhost_1.4.13-4etch12_sparc.deb
Size/MD5 checksum: 59620 cd273a623a05d5223c35904b391a6340


Debian GNU/Linux 5.0 alias lenny
- --------------------------------

Debian (stable)
- ---------------

Stable updates are available for alpha, amd64, arm, armel, hppa, i386, ia64, mips, mipsel, powerpc, s390 and sparc.

Source archives:

http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd_1.4.19-5+lenny1.dsc
Size/MD5 checksum: 1707 9db0f343d28732f798c1a2020423ddd9
http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd_1.4.19-5+lenny1.diff.gz
Size/MD5 checksum: 27536 640ccb5678115f069777077fb0b5cffd
http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd_1.4.19.orig.tar.gz
Size/MD5 checksum: 815568 cede410e7adee3ea14206749190a8b5d

Architecture independent packages:

http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-doc_1.4.19-5+lenny1_all.deb
Size/MD5 checksum: 109512 1b9696c70c89f82d9a17a086a7de8d31

alpha architecture (DEC Alpha)

http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-cml_1.4.19-5+lenny1_alpha.deb
Size/MD5 checksum: 72534 e6f145f65cba4aac88d51809311e8082
http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd_1.4.19-5+lenny1_alpha.deb
Size/MD5 checksum: 340626 f73cdd6194b566550439da1b03777796
http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-webdav_1.4.19-5+lenny1_alpha.deb
Size/MD5 checksum: 79430 432a06b4fdcb19b209389de1fe4a7bc4
http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-mysql-vhost_1.4.19-5+lenny1_alpha.deb
Size/MD5 checksum: 67284 241ba44dcb5e197c3f63a43355a85517
http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-magnet_1.4.19-5+lenny1_alpha.deb
Size/MD5 checksum: 72008 9a18bb66b361d067457cf7fb1d10fb9c
http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-trigger-b4-dl_1.4.19-5+lenny1_alpha.deb
Size/MD5 checksum: 68920 c801216dc8ac72e633e005d70face5f9

amd64 architecture (AMD x86_64 (AMD64))

http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-cml_1.4.19-5+lenny1_amd64.deb
Size/MD5 checksum: 71888 540242cb493bf32ad190ccd3853e3a1c
http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-webdav_1.4.19-5+lenny1_amd64.deb
Size/MD5 checksum: 78760 fcf4e53e61ef01d9fe39a8a5a19bfea3
http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-magnet_1.4.19-5+lenny1_amd64.deb
Size/MD5 checksum: 71592 059444d28cec9b2b7542dfe56e199074
http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd_1.4.19-5+lenny1_amd64.deb
Size/MD5 checksum: 322470 f89f9e381d6e6e1b5b61306527068639
http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-mysql-vhost_1.4.19-5+lenny1_amd64.deb
Size/MD5 checksum: 66902 c47b25719738fb7726970b9533e140b1
http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-trigger-b4-dl_1.4.19-5+lenny1_amd64.deb
Size/MD5 checksum: 68462 3c1b0a403b9610c32bd9d2297b5b2670

arm architecture (ARM)

http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-cml_1.4.19-5+lenny1_arm.deb
Size/MD5 checksum: 70572 513a8641dd407769b09ac2ac0f0c5512
http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-mysql-vhost_1.4.19-5+lenny1_arm.deb
Size/MD5 checksum: 66136 7017f5567130b60ee476d0e33558c07d
http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd_1.4.19-5+lenny1_arm.deb
Size/MD5 checksum: 310818 af9e22c6cdddf8f1fd058cf2915e408b
http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-webdav_1.4.19-5+lenny1_arm.deb
Size/MD5 checksum: 77690 b1a37635507cf95f04d76f6c9f3f6295
http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-magnet_1.4.19-5+lenny1_arm.deb
Size/MD5 checksum: 70394 e71afeb997f13ae72461a816cde281c3
http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-trigger-b4-dl_1.4.19-5+lenny1_arm.deb
Size/MD5 checksum: 68072 9a45c9cc91850162336bf876475c8ec5

armel architecture (ARM EABI)

http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-webdav_1.4.19-5+lenny1_armel.deb
Size/MD5 checksum: 77410 8ad7981f12a57d92182767858069dd66
http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-trigger-b4-dl_1.4.19-5+lenny1_armel.deb
Size/MD5 checksum: 68038 925065ed03b1596aba5947df1ee62bb9
http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-magnet_1.4.19-5+lenny1_armel.deb
Size/MD5 checksum: 72240 479c7edd0aa58496f691097ce9052c3d
http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd_1.4.19-5+lenny1_armel.deb
Size/MD5 checksum: 315334 c256c4321239bf575d5ebad186423425
http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-mysql-vhost_1.4.19-5+lenny1_armel.deb
Size/MD5 checksum: 66434 6779fd674434a719f2969e9cd40088ac
http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-cml_1.4.19-5+lenny1_armel.deb
Size/MD5 checksum: 71628 4339f2c1f7a3d703207295e947d3744e

hppa architecture (HP PA RISC)

http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-trigger-b4-dl_1.4.19-5+lenny1_hppa.deb
Size/MD5 checksum: 69190 0676bd9e82c84fd9fca37c1b5026d141
http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-mysql-vhost_1.4.19-5+lenny1_hppa.deb
Size/MD5 checksum: 67216 f28d9b951c97edc101225b045f1c6d66
http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-webdav_1.4.19-5+lenny1_hppa.deb
Size/MD5 checksum: 80894 2d0b5d5f9a0d8941d2ce3d6c1402b049
http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd_1.4.19-5+lenny1_hppa.deb
Size/MD5 checksum: 344566 a1f7945e7669baab86ee22ad8c270275
http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-cml_1.4.19-5+lenny1_hppa.deb
Size/MD5 checksum: 72596 8801ff2ad9825a19080b28a179db2a2c
http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-magnet_1.4.19-5+lenny1_hppa.deb
Size/MD5 checksum: 72274 a963dffdf5a1fc63c7bf77a72c648281

i386 architecture (Intel ia32)

http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-magnet_1.4.19-5+lenny1_i386.deb
Size/MD5 checksum: 70344 8bb71db1240fd4bd184b40f02f1c7e7f
http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-trigger-b4-dl_1.4.19-5+lenny1_i386.deb
Size/MD5 checksum: 67620 9e96f0749268f09040d2f652be153bf9
http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd_1.4.19-5+lenny1_i386.deb
Size/MD5 checksum: 307526 aab501e0974a424c0425940ab626e10a
http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-mysql-vhost_1.4.19-5+lenny1_i386.deb
Size/MD5 checksum: 66232 f36ccf5b0c2baa706dcadecb903798f3
http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-webdav_1.4.19-5+lenny1_i386.deb
Size/MD5 checksum: 78516 48a3439e5040f4196a90ee12375b4169
http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-cml_1.4.19-5+lenny1_i386.deb
Size/MD5 checksum: 70728 cef82eb0a5c4dbbaa7d9ec7b6f32f64f

ia64 architecture (Intel ia64)

http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-magnet_1.4.19-5+lenny1_ia64.deb
Size/MD5 checksum: 75032 0feeb83f5aa7bed9b4d2360c5a6f8949
http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd_1.4.19-5+lenny1_ia64.deb
Size/MD5 checksum: 431260 bf91f89bea8fb52ec2d5f82936dd339f
http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-webdav_1.4.19-5+lenny1_ia64.deb
Size/MD5 checksum: 84588 5750453439d8179b6b19d395c2badcb7
http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-cml_1.4.19-5+lenny1_ia64.deb
Size/MD5 checksum: 75120 7a79e798a92e177a0777efab027b2965
http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-mysql-vhost_1.4.19-5+lenny1_ia64.deb
Size/MD5 checksum: 68738 a2ff868b888959304b0247cc3041fd2e
http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-trigger-b4-dl_1.4.19-5+lenny1_ia64.deb
Size/MD5 checksum: 70900 b2078fff9fd573f47d518d9c7c25246e

mips architecture (MIPS (Big Endian))

http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-cml_1.4.19-5+lenny1_mips.deb
Size/MD5 checksum: 71286 e8938e2d1f10d15fbd4922df02bab53d
http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-magnet_1.4.19-5+lenny1_mips.deb
Size/MD5 checksum: 71130 023737adef682d577aedc0af2e249835
http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd_1.4.19-5+lenny1_mips.deb
Size/MD5 checksum: 313018 5e103d0333acdc2593a4eed7dfbce519
http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-webdav_1.4.19-5+lenny1_mips.deb
Size/MD5 checksum: 78070 074c3f59881fe200ed22dc4d058ab614
http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-trigger-b4-dl_1.4.19-5+lenny1_mips.deb
Size/MD5 checksum: 68284 1ee640d812322c7543fa5bb06e53d0e8
http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-mysql-vhost_1.4.19-5+lenny1_mips.deb
Size/MD5 checksum: 66868 ed578b54e85963ac73976c06183c1c45

powerpc architecture (PowerPC)

http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-trigger-b4-dl_1.4.19-5+lenny1_powerpc.deb
Size/MD5 checksum: 70770 07cc5ff5c4138b439fcff9ff4eac68cf
http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-mysql-vhost_1.4.19-5+lenny1_powerpc.deb
Size/MD5 checksum: 69084 2d44c22a09148940548988b3e8c86559
http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-webdav_1.4.19-5+lenny1_powerpc.deb
Size/MD5 checksum: 81682 1925dbe33db2672e17c81f913f6b0154
http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd_1.4.19-5+lenny1_powerpc.deb
Size/MD5 checksum: 366542 0be13715b3501ab061949f68c5d23fc1
http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-cml_1.4.19-5+lenny1_powerpc.deb
Size/MD5 checksum: 74296 cb0e45885b017c2579f322a2aaa9c9bd
http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-magnet_1.4.19-5+lenny1_powerpc.deb
Size/MD5 checksum: 73892 5cea3a9b840550f56f0779ad7a2fd571

s390 architecture (IBM S/390)

http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd_1.4.19-5+lenny1_s390.deb
Size/MD5 checksum: 330222 88f47f047aaecb07956f2d3026c3a59b
http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-webdav_1.4.19-5+lenny1_s390.deb
Size/MD5 checksum: 79152 bc3f4103c80fa0e6cf0c6b8dd2469da8
http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-cml_1.4.19-5+lenny1_s390.deb
Size/MD5 checksum: 72406 0fe4bb1bba1d9fc7182c6867b6c993da
http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-mysql-vhost_1.4.19-5+lenny1_s390.deb
Size/MD5 checksum: 67152 bd416352fdb89e3f75b03606c9537ca4
http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-trigger-b4-dl_1.4.19-5+lenny1_s390.deb
Size/MD5 checksum: 68640 fecb92a43b0e9d0c637044e388f74125
http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-magnet_1.4.19-5+lenny1_s390.deb
Size/MD5 checksum: 72002 047561ce9696899949940fec802b2a7b

sparc architecture (Sun SPARC/UltraSPARC)

http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-cml_1.4.19-5+lenny1_sparc.deb
Size/MD5 checksum: 71384 67710ff21741d2a70642ae833b087e4a
http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd_1.4.19-5+lenny1_sparc.deb
Size/MD5 checksum: 306226 eca87ad74cc54ac577bb2578a1fa8a8a
http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-magnet_1.4.19-5+lenny1_sparc.deb
Size/MD5 checksum: 71274 5664837eddb3450ba7b159c6ec045ec7
http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-trigger-b4-dl_1.4.19-5+lenny1_sparc.deb
Size/MD5 checksum: 68330 f9f0527fd7310a29e4ef5a4b50e079cf
http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-mysql-vhost_1.4.19-5+lenny1_sparc.deb
Size/MD5 checksum: 66744 516ac0bcd498191e7b55aed5653a000c
http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-webdav_1.4.19-5+lenny1_sparc.deb
Size/MD5 checksum: 78666 8e757df9377c9e69c33525118d5b4eb5


These files will probably be moved into the stable distribution on
its next update.

- ---------------------------------------------------------------------------------
For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
Mailing list: debian-security-announce@lists.debian.org
Package info: `apt-cache show lt;pkggt;' and http://packages.debian.org/lt;pkggt;
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)

iEYEARECAAYFAktoCkYACgkQHYflSXNkfP+w1QCfQekDr4soPXVtvcsPZ9s1JCfe
eSgAn1lva7YwPNQG96pgRSJavlsT4MXQ
=RHiq
-----END PGP SIGNATURE-----



Printed from Linux Compatible (http://www.linuxcompatible.org/news/story/dsa_1987_1_new_lighttpd_packages_fix_denial_of_service.html)