[SECURITY] [DLA 490-1] bozohttpd security update

Package        : bozohttpd
Version        : 20111118-1+deb7u1
CVE ID         : CVE-2014-5015 CVE-2015-8212
Debian Bug     : 755197

Two security vulnerabilities have been discovered in bozohttpd, a small
HTTP server.

CVE-2014-5015

    Bozotic HTTP server (aka bozohttpd) before 201407081 truncates
    paths when checking .htpasswd restrictions, which allows remote
    attackers to bypass the HTTP authentication scheme and access
    restrictions via a long path.

CVE-2015-8212

    A flaw was found in CGI suffix handler support that could result
    in remote code execution if the -C option has been used to set up
    a CGI handler.

For Debian 7 "Wheezy", these problems have been fixed in version
20111118-1+deb7u1.

We recommend that you upgrade your bozohttpd packages.

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
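
The bug class behind CVE-2014-5015, as an added illustration that is not bozohttpd's code and not part of the original advisory: a fixed-size buffer silently truncates the .htpasswd path being checked, shown next to a form that fails closed. The buffer size, the paths and all function names are constructed for this example.

```c
#include <stdio.h>
#include <string.h>

#define BUF_MAX 40  /* deliberately small; stands in for a PATH_MAX-sized buffer */

/* Constructed sample data, used by a hypothetical stand-in for the filesystem lookup. */
static const char *AUTHFILES[] = {
    "/srv/www/private/.htpasswd",
    "/srv/www/archive-2011-internal-reports/.htpasswd",
};

static int authfile_exists(const char *p)
{
    for (size_t i = 0; i < sizeof AUTHFILES / sizeof AUTHFILES[0]; i++)
        if (strcmp(p, AUTHFILES[i]) == 0)
            return 1;
    return 0;
}

/* Writes "<directory of path>/.htpasswd" to out; returns 0, or -1 if it did not fit. */
static int build_authfile(const char *path, char *out, size_t outsz)
{
    const char *slash = strrchr(path, '/');
    int n = snprintf(out, outsz, "%.*s/.htpasswd", slash ? (int)(slash - path) : 0, path);
    return (n < 0 || (size_t)n >= outsz) ? -1 : 0;
}

/* Flawed form: ignores truncation, so the lookup may test a name that is not the real file. */
int needs_auth_truncating(const char *path)
{
    char authfile[BUF_MAX];
    (void)build_authfile(path, authfile, sizeof authfile);
    return authfile_exists(authfile);   /* 1 = auth required, 0 = serve freely */
}

/* Hardened form: a path too long to check is rejected (-1), never served. */
int needs_auth_checked(const char *path)
{
    char authfile[BUF_MAX];
    if (build_authfile(path, authfile, sizeof authfile) != 0)
        return -1;
    return authfile_exists(authfile);
}

int main(void)
{
    const char *p = "/srv/www/archive-2011-internal-reports/q3.txt"; /* constructed */
    printf("truncating=%d checked=%d\n", needs_auth_truncating(p), needs_auth_checked(p));
    return 0;
}
```

The access check and the file-serving code must agree on the path they operate on; checking the return value of snprintf is what keeps the two from diverging here.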