The lightweight HTTP server lighttpd 1.4.64 has been released. The new version introduces 95 changes, including previously planned changes to default values and the cleanup of obsolete functionality:
- The default timeout for graceful restart/shutdown operations has been reduced from infinite to 8 seconds. The timeout can be configured with the "server.graceful-shutdown-timeout" option.
- The build has switched to the PCRE2 library (--with-pcre2); to return to the old PCRE version, use the "--with-pcre" option.
- Previously deprecated modules have been removed:
  - mod_geoip (use mod_maxminddb instead),
  - mod_authn_mysql (use mod_authn_dbi instead),
  - mod_mysql_vhost (use mod_vhostdb_dbi instead),
  - mod_cml (use mod_magnet instead),
  - mod_flv_streaming (lost its purpose after the end of life of Adobe Flash),
  - mod_trigger_b4_dl (use Lua instead).
lighttpd 1.4.64 also fixes a vulnerability (CVE-2022-22707) in the mod_extforward module that causes a 4-byte overflow when processing data in the Forwarded HTTP header. According to the developers, the problem is limited to denial of service and makes it possible to trigger an abnormal termination of the background process. Exploitation is possible only if the Forwarded header handler is enabled, and the problem does not appear in the default configuration.
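An upgrade check for the changes listed above, as an added example that is not part of the original article or the lighttpd project: it scans a configuration for the removed modules, an unset graceful-shutdown timeout, and mod_extforward with Forwarded header handling switched on. The sample configuration is constructed, and `extforward.headers` and `extforward.forwarder` are lighttpd directives that the article itself does not name.

```python
import re

# Modules removed in lighttpd 1.4.64 and the replacement the article names
# (None where the article gives no replacement).
REMOVED = {
    "mod_geoip": "mod_maxminddb",
    "mod_authn_mysql": "mod_authn_dbi",
    "mod_mysql_vhost": "mod_vhostdb_dbi",
    "mod_cml": "mod_magnet",
    "mod_flv_streaming": None,
    "mod_trigger_b4_dl": "a Lua script",
}

# Matches a quoted string (kept) or a '#' comment running to end of line (dropped).
_COMMENT = re.compile(r'("(?:[^"\\]|\\.)*")|#.*')

def audit(conf):
    """Return a list of upgrade findings for lighttpd configuration text."""
    text = "\n".join(_COMMENT.sub(lambda m: m.group(1) or "", line)
                     for line in conf.splitlines())
    # Any quoted mod_* token: covers both 'server.modules =' and '+='.
    modules = set(re.findall(r'"(mod_\w+)"', text))
    findings = []
    for mod in sorted(modules & set(REMOVED)):
        repl = REMOVED[mod]
        findings.append(f"{mod}: removed in 1.4.64, "
                        + (f"use {repl}" if repl else "no replacement"))
    if not re.search(r"^\s*server\.graceful-shutdown-timeout\s*=", text, re.M):
        findings.append("server.graceful-shutdown-timeout: unset, "
                        "default is now 8 seconds")
    hdrs = re.search(r"extforward\.headers\s*=\s*\(([^)]*)\)", text)
    if "mod_extforward" in modules and hdrs and '"Forwarded"' in hdrs.group(1):
        findings.append("mod_extforward: Forwarded header handling enabled, "
                        "CVE-2022-22707 is fixed in 1.4.64")
    return findings

# Constructed sample configuration, not taken from any real deployment.
SAMPLE = '''
server.modules = ( "mod_access", "mod_geoip", "mod_extforward" )  # "mod_cml" disabled
server.modules += ( "mod_flv_streaming" )
extforward.forwarder = ( "10.0.0.1" => "trust" )
extforward.headers = ( "Forwarded", "X-Forwarded-For" )
'''

if __name__ == "__main__":
    print("\n".join(audit(SAMPLE)))
```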
Source: opennet.ru