[SECURITY] [DLA 3127-1] libhttp-daemon-perl security update

To: debian-lts-announce@lists.debian.org
Subject: [SECURITY] [DLA 3127-1] libhttp-daemon-perl security update
From: Thorsten Alteholz <debian@alteholz.de>
Date: Fri, 30 Sep 2022 15:57:03 +0000 (UTC)
Message-id: <[🔎] alpine.DEB.2.21.2209301555480.32635@postfach.intern.alteholz.me>
Mail-followup-to: debian-lts@lists.debian.org
Reply-to: debian-lts@lists.debian.org

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian LTS Advisory DLA-3127-1                debian-lts@lists.debian.org
https://www.debian.org/lts/security/                    Thorsten Alteholz
September 30, 2022                            https://wiki.debian.org/LTS
- -------------------------------------------------------------------------

Package        : libhttp-daemon-perl
Version        : 6.01-3+deb10u1
CVE ID         : CVE-2022-31081

An issue has been found in libhttp-daemon-perl, a simple http serverclass.Due to insufficient Content-Length: handling in HTTP-header an attackercould gain privileged access to APIs or poison intermediate caches.



For Debian 10 buster, this problem has been fixed in version
6.01-3+deb10u1.

We recommend that you upgrade your libhttp-daemon-perl packages.

For the detailed security status of libhttp-daemon-perl please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/libhttp-daemon-perl

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS

-----BEGIN PGP SIGNATURE-----

iQKTBAEBCgB9FiEEYgH7/9u94Hgi6ruWlvysDTh7WEcFAmM3Ec9fFIAAAAAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDYy
MDFGQkZGREJCREUwNzgyMkVBQkI5Njk2RkNBQzBEMzg3QjU4NDcACgkQlvysDTh7
WEed6g/+NhrTpFlCXAIXOw8ny2P/VZoQ2E09tEfrnnD7djFC1mFyhTo1D1P6MH7W
ec4lLDcpUePcsFBJZzEvoQdxh1K1SKuTtYGvdRH9tve97Z2K2K4bpUYZx221xp+o
2GHQ1e1WjbGPBh1uHLEdPcG3KzqPYV4Bws+HxEY43g8+L2z7esUBC6fVslppZqu/
85s2H/7N6vO3Q40urLaaDgCb7Qb/zEBKgpjZnO7+eNgyAYTUHyPdxAWMyF1mu03i
V3XezgW+lIAEQ30uoOattWB/aIoaNO7n9COxZdYpnZowvjQJMtfGrRmzpG2UOk8u
yRqcl2PckzJeFw7xthOgcYJTCfeGnIG7uF5IfWqGOwDf0tuTdKsSZXqD22A1xEBf
t1K8E7tMuN14psMP2/JKmKKSXl3Oxgexzo3bPUdxqK/be44HfBETPQKemTF7trsA
aaKVmnmxbClwVlQtcSGMDJ71rHx8eNdjn86EvS9KYE86cM78i6YLlcDdT0+9cEWb
p0kVPqGy9bAushjJAPaYAZSorbtMRew+9FNHA04U2mhUKsjXipxrCMEaEe4UhlvF
acGwj0jEG0EsJMymKysSP7JK2BG+x0iRaiiVUhfwWY/9CjbYRh1Z+D9HYY4ouSQi
2icFidzfgDYrgI1McK+Lcq39q1lqZwwvdm5YqzWsNsb0KRfAZ3Q=
=oOd7
-----END PGP SIGNATURE-----

Reply to:

Prev by Date: [SECURITY] [DLA 3114-2] mariadb-10.3 regression update
Next by Date: [SECURITY] [DLA 3128-1] node-thenify security update
Previous by thread: [SECURITY] [DLA 3114-2] mariadb-10.3 regression update
Next by thread: [SECURITY] [DLA 3128-1] node-thenify security update
Index(es):
- Date
- Thread