Debian Security Advisory

DSA-3489-1 lighttpd -- security update

Date Reported:
23 Feb 2016
Affected Packages:
Security database references:
In the Debian bugtracking system: Bug 765702.
In Mitre's CVE dictionary: CVE-2014-3566.
More information:

lighttpd, a small webserver, is vulnerable to the POODLE attack via the use of SSLv3. This protocol is now disabled by default.

For the oldstable distribution (wheezy), this problem has been fixed in version 1.4.31-4+deb7u4.

We recommend that you upgrade your lighttpd packages.