Test ID:	1.3.6.1.4.1.25623.1.0.852745
Category:	SuSE Local Security Checks
Title:	openSUSE: Security Advisory for lighttpd (openSUSE-SU-2019:2347-1)
Summary:	The remote host is missing an update for the 'lighttpd'; package(s) announced via the openSUSE-SU-2019:2347-1 advisory.
Description:	Summary: The remote host is missing an update for the 'lighttpd' package(s) announced via the openSUSE-SU-2019:2347-1 advisory. Vulnerability Insight: This update for lighttpd to version 1.4.54 fixes the following issues: Security issues fixed: - CVE-2018-19052: Fixed a path traversal in mod_alias (boo#1115016). - Changed the default TLS configuration of lighttpd for better security out-of-the-box (boo#1087369). Patch Instructions: To install this openSUSE Security Update use the SUSE recommended installation methods like YaST online_update or 'zypper patch'. Alternatively you can run the command listed for your product: - openSUSE Leap 15.1: zypper in -t patch openSUSE-2019-2347=1 - openSUSE Leap 15.0: zypper in -t patch openSUSE-2019-2347=1 - openSUSE Backports SLE-15-SP1: zypper in -t patch openSUSE-2019-2347=1 - openSUSE Backports SLE-15: zypper in -t patch openSUSE-2019-2347=1 Affected Software/OS: 'lighttpd' package(s) on openSUSE Leap 15.0. Solution: Please install the updated package(s). CVSS Score: 5.0 CVSS Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2018-19052 https://github.com/lighttpd/lighttpd1.4/commit/2105dae0f9d7a964375ce681e53cb165375f84c1 https://lists.debian.org/debian-lts-announce/2022/01/msg00012.html SuSE Security Announcement: openSUSE-SU-2019:2347 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00054.html
Copyright	Copyright (C) 2019 Greenbone Networks GmbH

This is only one of 146377 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.