Univention Bugzilla – Full Text Bug Listing
Summary: | tomcat6: Multiple issues (4.0) | ||
---|---|---|---|
Product: | UCS | Reporter: | Moritz Muehlenhoff <jmm> |
Component: | Security updates | Assignee: | Philipp Hahn <hahn> |
Status: | CLOSED FIXED | QA Contact: | Janek Walkenhorst <walkenhorst> |
Severity: | normal | ||
Priority: | P3 | CC: | gohmann, hahn, requate |
Version: | UCS 4.0 | Flags: | requate: Patch_Available+ |
Target Milestone: | UCS 4.0-5-errata | ||
Hardware: | Other | ||
OS: | Linux | ||
URL: | https://tracker.debian.org/media/packages/t/tomcat6/changelog-6.0.45%2Bdfsg-1~deb7u1 | ||
What kind of report is it?: | --- | What type of bug is this?: | --- |
Who will be affected by this bug?: | --- | How will those affected feel about the bug?: | --- |
User Pain: | Enterprise Customer affected?: | ||
School Customer affected?: | ISV affected?: | ||
Waiting Support: | Flags outvoted (downgraded) after PO Review: | ||
Ticket number: | Bug group (optional): | ||
Max CVSS v3 score: |
Description
Moritz Muehlenhoff
2014-11-25 15:00:33 CET
It was possible to craft a malformed chunk as part of a chunked request that caused Tomcat to read part of the request body as a new request (CVE-2014-0227)

Non-persistent DoS attack by feeding data by aborting an upload (CVE-2014-0230)

security manager bypass via expression language (EL) expressions (CVE-2014-7810)

Upstream Debian package version 6.0.45+dfsg-1~deb7u1 fixes all of the issues above.

Move to 4.0-5-errata.

repo_admin.py --cherrypick -r 3.3 --releasedest 4.0 --dest errata4.0-5 -p tomcat6
find -type f | grep -F -f <(cd source && dcmd tomcat6_6.0.45+dfsg-1.52.201604191550_i386.changes) | cpio -p --link ../ucs_4.0-0-errata4.0-5/
repo-apt-ftparchive --release ucs_4.0-0-errata4.0-5

FYI: tomcat6 is unmaintained in UCS-4.0: http://univention-repository.knut.univention.de/4.0/maintained/4.0-0/all/Packages

QA:
univention-install tomcat6
elinks http://localhost:8080/
$EDITOR /etc/apt/sources.list
apt-get -qq update
apt-get upgrade
apt-get install tomcat6-examples
elinks http://localhost:8080/examples/
dpkg-query -W tomcat6 # 6.0.45+dfsg-1.52.201604191550

r69552 | Bug #35058,Bug #37004: tomcat6
YAML tomcat6.xml

Tests (amd64/i386): OK
Advisory: OK
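The CVE-2014-0227 entry above describes a chunked-request parser that kept reading after a malformed chunk, so leftover body bytes became a new request. As an added example (not code from Tomcat or from this bug report), here is a strict chunked-body decoder in Python that fails closed: any framing error, or a body over a configured limit (the resource-exhaustion concern behind CVE-2014-0230), is reported so the server closes the connection instead of reinterpreting the remaining bytes. The names decode_chunked, read_body_or_close, MalformedChunk and BodyTooLarge, and the sample byte strings, are constructed for this example.

```python
import re

class MalformedChunk(ValueError):
    """Any chunk-framing violation. The only safe reaction is to close the
    connection; never skip ahead and keep parsing the same byte stream."""

class BodyTooLarge(ValueError):
    """Decoded body exceeded the configured limit (bounded resource use)."""

# chunk-size line: 1-8 hex digits, optional ";ext" chunk extensions, CRLF
_CHUNK_HEADER = re.compile(rb"([0-9A-Fa-f]{1,8})(?:;[^\r\n]*)?\r\n")

def decode_chunked(data: bytes, max_body: int = 1 << 20) -> tuple[bytes, bytes]:
    """Strictly decode a chunked HTTP body held in `data`.

    Returns (body, leftover): `leftover` is whatever follows the last-chunk
    and its trailer terminator, which a server may treat as the next
    pipelined request. On any framing error the function raises instead of
    returning a leftover, so malformed bytes can never be promoted to a
    new request."""
    body = bytearray()
    pos = 0
    while True:
        m = _CHUNK_HEADER.match(data, pos)      # match() anchors at pos
        if m is None:
            raise MalformedChunk(f"invalid chunk-size line at offset {pos}")
        size = int(m.group(1), 16)
        pos = m.end()
        if size == 0:
            # last-chunk: zero or more trailer lines, then an empty line
            if data.startswith(b"\r\n", pos):
                return bytes(body), data[pos + 2:]
            end = data.find(b"\r\n\r\n", pos)
            if end < 0:
                raise MalformedChunk("unterminated trailer section")
            return bytes(body), data[end + 4:]
        if len(body) + size > max_body:
            raise BodyTooLarge(f"body exceeds {max_body} bytes")
        chunk_end = pos + size
        # truncated data also fails here: the slice is shorter than CRLF
        if data[chunk_end:chunk_end + 2] != b"\r\n":
            raise MalformedChunk(f"chunk data at offset {pos} not followed by CRLF")
        body += data[pos:chunk_end]
        pos = chunk_end + 2

def read_body_or_close(data: bytes, max_body: int = 1 << 20) -> tuple[str, bytes, bytes]:
    """Server-side policy: ('ok', body, leftover) or ('close', b'', b'')."""
    try:
        body, rest = decode_chunked(data, max_body)
    except (MalformedChunk, BodyTooLarge):
        return "close", b"", b""
    return "ok", body, rest
```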