The lightweight HTTP server lighttpd 1.4.64 has been released. The new version introduces 95 changes, including previously planned changes to default values and the removal of deprecated functionality:
- The default timeout for graceful restart/shutdown operations has been reduced from infinite to 8 seconds. The timeout can be configured with the "server.graceful-shutdown-timeout" option.
- The build now uses the PCRE2 library (--with-pcre2); to go back to the old PCRE version, use the "--with-pcre" option.
- Previously deprecated modules have been removed:
  - mod_geoip (use mod_maxminddb instead),
  - mod_authn_mysql (use mod_authn_dbi instead),
  - mod_mysql_vhost (use mod_vhostdb_dbi instead),
  - mod_cml (use mod_magnet instead),
  - mod_flv_streaming (dropped after Adobe Flash reached end of life),
  - mod_trigger_b4_dl (use a Lua replacement instead).
lighttpd 1.4.64 also fixes a vulnerability (CVE-2022-22707) in the mod_extforward module that causes a 4-byte buffer overflow when processing data in the Forwarded HTTP header. According to the developers, the problem is limited to denial of service and allows remote attackers to trigger a crash of the background process. Exploitation is possible only if the Forwarded header handler is enabled, and it is not enabled in the default configuration.
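
A pre-upgrade audit of a lighttpd configuration against the changes listed above, as an added example that is not part of the original article or of the lighttpd project. The names `audit`, `REMOVED` and `SAMPLE_CONF` are this example's own, the sample configuration is constructed, and `extforward.headers` is the mod_extforward directive that selects which headers are processed (it is not named in the article).

```python
import re

# Modules removed in lighttpd 1.4.64 and the replacements named in the release notes.
REMOVED = {
    "mod_geoip": "mod_maxminddb",
    "mod_authn_mysql": "mod_authn_dbi",
    "mod_mysql_vhost": "mod_vhostdb_dbi",
    "mod_cml": "mod_magnet",
    "mod_flv_streaming": None,  # dropped with Adobe Flash end of life
    "mod_trigger_b4_dl": "a Lua script",
}

def strip_comments(text):
    """Remove '#' comments, leaving '#' inside double-quoted strings alone."""
    out = []
    for line in text.splitlines():
        in_quote = False
        for i, ch in enumerate(line):
            if ch == '"':
                in_quote = not in_quote
            elif ch == "#" and not in_quote:
                line = line[:i]
                break
        out.append(line)
    return "\n".join(out)

def audit(conf_text):
    """Return findings for a lighttpd.conf ahead of an upgrade to 1.4.64."""
    conf = strip_comments(conf_text)
    findings = []
    for mod in sorted(set(re.findall(r'"(mod_\w+)"', conf))):
        if mod in REMOVED:
            findings.append(f"{mod} removed in 1.4.64; replacement: {REMOVED[mod] or 'none'}")
    # The CVE is reachable only when the Forwarded header is explicitly handled.
    for body in re.findall(r'extforward\.headers\s*[+:]?=\s*\(([^)]*)\)', conf):
        names = [h.lower() for h in re.findall(r'"([^"]*)"', body)]
        if "forwarded" in names:
            findings.append("Forwarded header handling enabled: exposed to CVE-2022-22707 until upgraded to 1.4.64")
    if "server.graceful-shutdown-timeout" not in conf:
        findings.append("server.graceful-shutdown-timeout unset: default is now 8 seconds")
    return findings

# Constructed sample configuration (assumption, for illustration only).
SAMPLE_CONF = '''server.modules = ( "mod_access", "mod_extforward", "mod_geoip" )
# server.modules += ( "mod_cml" )   commented out, must not be reported
extforward.forwarder = ( "10.0.0.1" => "trust" )
extforward.headers = ( "Forwarded", "X-Forwarded-For" )'''

if __name__ == "__main__":
    print("\n".join(audit(SAMPLE_CONF)))
```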

Source: opennet.ru
