CVE-2008-1531

Publication date 27 March 2008

Last updated 24 July 2024

Ubuntu priority

The connection_state_machine function (connections.c) in lighttpd 1.4.19 and earlier, and 1.5.x before 1.5.0, allows remote attackers to cause a denial of service (active SSL connection loss) by triggering an SSL error, such as disconnecting before a download has finished, which causes all active SSL connections to be lost.

Status

Show unmaintained releases

Package	Ubuntu Release	Status
lighttpd	9.10 karmic	Fixed 1.4.19-0ubuntu3
	9.04 jaunty	Fixed 1.4.19-0ubuntu3
	8.10 intrepid	Fixed 1.4.19-0ubuntu3
	8.04 LTS hardy	Fixed 1.4.19-0ubuntu3
	7.10 gutsy	Fixed 1.4.18-1ubuntu1.4
	7.04 feisty	Fixed 1.4.13-9ubuntu4.6
	6.10 edgy	Fixed 1.4.13~r1370-1ubuntu1.7
	6.06 LTS dapper	Ignored

Patch details

For informational purposes only. We recommend not to cherry-pick updates. How can I get the fixes?

Package	Patch details
lighttpd	Debdiff: https://bugs.launchpad.net/ubuntu/jaunty/+source/lighttpd/+bug/279490

References

Other references

https://www.cve.org/CVERecord?id=CVE-2008-1531