Headline
Ubuntu Security Notice USN-5903-1
Ubuntu Security Notice 5903-1 - It was discovered that lighttpd incorrectly handled certain inputs, which could result in a stack buffer overflow. A remote attacker could possibly use this issue to cause a denial of service.
=========================================================================Ubuntu Security Notice USN-5903-1February 28, 2023lighttpd vulnerabilities=========================================================================A security issue affects these releases of Ubuntu and its derivatives:- Ubuntu 22.10- Ubuntu 22.04 LTS- Ubuntu 20.04 LTSSummary:Several security issues were fixed in lighttpd.Software Description:- lighttpd: fast webserver with minimal memory footprintDetails:It was discovered that lighttpd incorrectly handled certain inputs, which couldresult in a stack buffer overflow. A remote attacker could possibly use thisissue to cause a denial of service (DoS). (CVE-2022-22707, CVE-2022-41556)Update instructions:The problem can be corrected by updating your system to the followingpackage versions:Ubuntu 22.10: lighttpd 1.4.65-2ubuntu1.1Ubuntu 22.04 LTS: lighttpd 1.4.63-1ubuntu3.1Ubuntu 20.04 LTS: lighttpd 1.4.55-1ubuntu1.20.04.2After a standard system update you need to restart lighttpd to makeall the necessary changes.References: https://ubuntu.com/security/notices/USN-5903-1 CVE-2022-22707, CVE-2022-41556Package Information: https://launchpad.net/ubuntu/+source/lighttpd/1.4.65-2ubuntu1.1 https://launchpad.net/ubuntu/+source/lighttpd/1.4.63-1ubuntu3.1 https://launchpad.net/ubuntu/+source/lighttpd/1.4.55-1ubuntu1.20.04.2Related news
CVE-2022-41556 is a resource exhaustion vulnerability in lighttpd 1.4.56 - 1.4.66 affecting gateway backends such as FastCGI. When handling an HTTP/1.1 request with chunked transfer encoding and request-body streaming enabled, lighttpd mishandles an anomalous client disconnect (RDHUP / half-closed TCP connection) before the terminating chunk is sent. In this state, the gateway handler can incorrectly return HANDLER_WAIT_FOR_EVENT without transitioning to an error or cleanup path, leaving the backend connection slot permanently allocated. By repeatedly opening such malformed connections, an attacker can exhaust available backend slots, causing new dynamic requests to hang indefinitely and resulting in a denial of service that persists until the server is restarted.
A resource leak in gw_backend.c in lighttpd 1.4.56 through 1.4.66 could lead to a denial of service (connection-slot exhaustion) after a large amount of anomalous TCP behavior by clients. It is related to RDHUP mishandling in certain HTTP/1.1 chunked situations. Use of mod_fastcgi is, for example, affected. This is fixed in 1.4.67.
Insufficient access control vulnerability was discovered in the Crestron AirMedia Windows Application, version 4.3.1.39, in which a user can pause the uninstallation of an executable to gain a SYSTEM level command prompt.