Package        : bozohttpd
Version        : 20111118-1+deb7u1
CVE ID         : CVE-2014-5015 CVE-2015-8212
Debian Bug     : 755197

Two security vulnerabilities have been discovered in bozohttpd, a small
HTTP server.

CVE-2014-5015

    Bozotic HTTP server (aka bozohttpd) before 201407081 truncates
    paths when checking .htpasswd restrictions, which allows remote
    attackers to bypass the HTTP authentication scheme and access
    restrictions via a long path.

CVE-2015-8212

    A flaw was found in CGI suffix handler support that could result
    in remote code execution if the -C option has been used to set up
    a CGI handler.

For Debian 7 "Wheezy", these problems have been fixed in version
20111118-1+deb7u1.

We recommend that you upgrade your bozohttpd packages.

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
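The bug class behind CVE-2014-5015, as an added illustration (not bozohttpd's code and not part of the advisory): an access check that builds the .htpasswd path in a fixed buffer and ignores truncation fails open, while checking the snprintf return value fails closed. The buffer size, directory names, function names and the in-memory stand-in for the filesystem are all assumptions made for this example.

```c
#include <stdio.h>
#include <string.h>

#define AUTH_FILE ".htpasswd"
#define PATH_BUF 32 /* assumed, deliberately small stand-in for a path buffer */

enum auth { AUTH_NONE, AUTH_REQUIRED, AUTH_REJECT };

/* Constructed stand-in for the filesystem: directories that hold a .htpasswd. */
static const char *protected_dirs[] = {
    "/srv/www/private",
    "/srv/www/private/reports/2016/q1",
};

static int htpasswd_exists(const char *path) {
    char want[256];
    for (size_t i = 0; i < sizeof protected_dirs / sizeof *protected_dirs; i++) {
        snprintf(want, sizeof want, "%s/%s", protected_dirs[i], AUTH_FILE);
        if (strcmp(path, want) == 0) return 1;
    }
    return 0;
}

/* Fail-open: a truncated name matches no file, so the directory looks public. */
static enum auth check_unchecked(const char *dir) {
    char authfile[PATH_BUF];
    snprintf(authfile, sizeof authfile, "%s/%s", dir, AUTH_FILE);
    return htpasswd_exists(authfile) ? AUTH_REQUIRED : AUTH_NONE;
}

/* Fail-closed: snprintf's return value exposes truncation; refuse the request. */
static enum auth check_checked(const char *dir) {
    char authfile[PATH_BUF];
    int n = snprintf(authfile, sizeof authfile, "%s/%s", dir, AUTH_FILE);
    if (n < 0 || (size_t)n >= sizeof authfile) return AUTH_REJECT;
    return htpasswd_exists(authfile) ? AUTH_REQUIRED : AUTH_NONE;
}

int main(void) {
    const char *dirs[] = { "/srv/www/pub", protected_dirs[0], protected_dirs[1] };
    for (size_t i = 0; i < 3; i++)
        printf("%-34s unchecked=%d checked=%d\n", dirs[i],
               check_unchecked(dirs[i]), check_checked(dirs[i]));
    return 0;
}
```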