Release of the lighttpd 1.4.64 HTTP server

The lightweight HTTP server lighttpd 1.4.64 has been released. The new version brings 95 changes, including previously planned changes to default values and a cleanup of obsolete functionality:

  • The default timeout for graceful restart/shutdown operations has been reduced from infinity to 8 seconds. The timeout can be configured with the "server.graceful-shutdown-timeout" option.
  • The build has switched to the PCRE2 library (--with-pcre2); to return to the old PCRE version, you can use the "--with-pcre" option.
  • Previously deprecated modules have been removed:
    • mod_geoip (mod_maxminddb should be used instead),
    • mod_authn_mysql (mod_authn_dbi should be used instead),
    • mod_mysql_vhost (mod_vhostdb_dbi should be used instead),
    • mod_cml (mod_magnet should be used instead),
    • mod_flv_streaming (lost its purpose after the end of Adobe Flash),
    • mod_trigger_b4_dl (a Lua-based replacement should be used instead).

Lighttpd 1.4.64 also fixes a vulnerability (CVE-2022-22707) in the mod_extforward module that causes a 4-byte buffer overflow when processing data in the Forwarded HTTP header. According to the developers, the problem is limited to denial of service and allows a crash of the background process to be triggered remotely. Exploitation is possible only when the Forwarded header handler is enabled, and the problem does not appear in the default configuration.
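A pre-upgrade configuration audit covering the two points above (the removed modules and the condition for CVE-2022-22707), as an added example that is not lighttpd project code. It assumes the Forwarded handler is enabled by listing "Forwarded" in extforward.headers; the function names and the sample configuration are constructed for illustration.

```python
import re

# Modules removed in lighttpd 1.4.64 and the replacements named in the release notes.
REMOVED_MODULES = {
    "mod_geoip": "mod_maxminddb",
    "mod_authn_mysql": "mod_authn_dbi",
    "mod_mysql_vhost": "mod_vhostdb_dbi",
    "mod_cml": "mod_magnet",
    "mod_flv_streaming": None,  # no replacement: obsolete since the end of Flash
    "mod_trigger_b4_dl": "a Lua script",
}

def strip_comments(text):
    # Remove '#' comments but keep '#' characters that sit inside quoted strings.
    return re.sub(r'("[^"\n]*")|#[^\n]*', lambda m: m.group(1) or "", text)

def list_values(conf, key):
    # Collect quoted strings from every 'key = (...)' or 'key += (...)' assignment.
    values = []
    for body in re.findall(re.escape(key) + r"\s*\+?=\s*\((.*?)\)", conf, re.S):
        values += re.findall(r'"([^"]*)"', body)
    return values

def audit(text):
    conf = strip_comments(text)
    modules = list_values(conf, "server.modules")
    headers = [h.lower() for h in list_values(conf, "extforward.headers")]
    return {
        # Loaded modules that no longer exist in 1.4.64, with their replacement.
        "removed": {m: REMOVED_MODULES[m] for m in modules if m in REMOVED_MODULES},
        # Assumption: the Forwarded handler is active when mod_extforward is
        # loaded and "Forwarded" appears in extforward.headers.
        "forwarded_handler": "mod_extforward" in modules and "forwarded" in headers,
    }

# Constructed sample configuration, not taken from a real deployment.
SAMPLE = '''
server.modules = ( "mod_access", "mod_geoip", "mod_extforward" )
server.modules += ( "mod_cml" )   # legacy caching
# server.modules += ( "mod_flv_streaming" )
extforward.forwarder = ( "10.0.0.1" => "trust" )
extforward.headers = ( "Forwarded", "X-Forwarded-For" )
'''

if __name__ == "__main__":
    print(audit(SAMPLE))
```

A true "forwarded_handler" result on a server older than 1.4.64 marks the non-default configuration in which the mod_extforward overflow is reachable, so that host should be upgraded first.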


Source: opennet.ru
