Debian Security Advisory
DSA-3489-1 lighttpd -- security update
- Date Reported:
- 23 Feb 2016
- Affected Packages:
- lighttpd
- Vulnerable:
- Yes
- Security database references:
- In the Debian bugtracking system: Bug 765702.
In Mitre's CVE dictionary: CVE-2014-3566. - More information:
-
lighttpd, a small webserver, is vulnerable to the POODLE attack via the use of SSLv3. This protocol is now disabled by default.
For the oldstable distribution (wheezy), this problem has been fixed in version 1.4.31-4+deb7u4.
We recommend that you upgrade your lighttpd packages.