| Package | lighttpd |
|---|---|
| Version | 1.4.45-1+deb9u2 (stretch) |
| Related CVEs | CVE-2018-25103 |
Fix use-after-free vulnerabilities in request parsing which might read from invalid pointers to memory used in the same request, not from other requests.
For Debian 9 stretch, these problems have been fixed in version 1.4.45-1+deb9u2.
We recommend that you upgrade your lighttpd packages.
Further information about Extended LTS security advisories can be found in the dedicated section of our website.