Monkey HTTP Daemon: Multiple vulnerabilities — GLSA 201309-17

Multiple vulnerabilities have been discovered in Monkey HTTP Daemon, the worst of which could result in arbitrary code execution.

Affected packages

Package: www-servers/monkeyd on all architectures
Affected versions: < 1.2.2
Unaffected versions: >= 1.2.2

Background

Monkey HTTP Daemon is a lightweight and powerful web server for GNU/Linux.

Description

Multiple vulnerabilities have been discovered in Monkey HTTP Daemon. Please review the CVE identifiers referenced below for details.

Impact

A remote attacker could send a specially crafted request, resulting in possible arbitrary code execution or a Denial of Service condition.

Workaround

There is no known workaround at this time.

Resolution

All Monkey HTTP Daemon users should upgrade to the latest version:

 # emerge --sync
 # emerge --ask --oneshot --verbose ">=www-servers/monkeyd-1.2.2"

References

Release date
September 25, 2013

Latest revision
September 25, 2013: 1

Severity
high

Exploitable
remote

Bugzilla entries