Bug 37004

Summary: tomcat6: Multiple issues (4.0)
Product: UCS
Reporter: Moritz Muehlenhoff <jmm>
Component: Security updates
Assignee: Philipp Hahn <hahn>
Status: CLOSED FIXED
QA Contact: Janek Walkenhorst <walkenhorst>
Severity: normal
Priority: P3
CC: gohmann, hahn, requate
Version: UCS 4.0
Flags: requate: Patch_Available+
Target Milestone: UCS 4.0-5-errata
Hardware: Other
OS: Linux
URL: https://tracker.debian.org/media/packages/t/tomcat6/changelog-6.0.45%2Bdfsg-1~deb7u1

Description Moritz Muehlenhoff univentionstaff 2014-11-25 15:00:33 CET
Information disclosure / XEE (CVE-2013-4590)
Information disclosure (CVE-2013-4286)
Denial of service in handling chunked extensions (CVE-2013-4322)
Session fixation (CVE-2014-0033)
Denial of service in chunked header parsing (CVE-2014-0075)
Information disclosure in XSLT/XML parsers (CVE-2014-0096, CVE-2014-0119)
Information disclosure when parsing content length headers (CVE-2014-0099)
Comment 1 Moritz Muehlenhoff univentionstaff 2015-02-10 07:25:31 CET
It was possible to craft a malformed chunk as part of a chunked request that caused Tomcat to read part of the request body as a new request (CVE-2014-0227)
Comment 2 Arvid Requate univentionstaff 2015-05-06 21:56:02 CEST
Non-persistent DoS attack by feeding data by aborting an upload (CVE-2014-0230)
Comment 3 Arvid Requate univentionstaff 2015-06-01 11:26:06 CEST
Security manager bypass via expression language (EL) expressions (CVE-2014-7810)
Comment 4 Arvid Requate univentionstaff 2016-03-29 12:46:17 CEST
Upstream Debian package version 6.0.45+dfsg-1~deb7u1 fixes all of the issues above.
Comment 5 Stefan Gohmann univentionstaff 2016-04-19 15:35:46 CEST
Move to 4.0-5-errata.
Comment 6 Philipp Hahn univentionstaff 2016-05-26 14:47:23 CEST
repo_admin.py --cherrypick -r 3.3 --releasedest 4.0 --dest errata4.0-5 -p tomcat6
find -type f | grep -F -f <(cd source && dcmd tomcat6_6.0.45+dfsg-1.52.201604191550_i386.changes) | cpio -p --link ../ucs_4.0-0-errata4.0-5/
repo-apt-ftparchive --release ucs_4.0-0-errata4.0-5

FYI: tomcat6 is unmaintained in UCS-4.0: http://univention-repository.knut.univention.de/4.0/maintained/4.0-0/all/Packages

QA:
 univention-install tomcat6
 elinks http://localhost:8080/
 $EDITOR /etc/apt/sources.list
 apt-get -qq update
 apt-get upgrade
 apt-get install tomcat6-examples
 elinks http://localhost:8080/examples/
 dpkg-query -W tomcat6 # 6.0.45+dfsg-1.52.201604191550

r69552 | Bug #35058,Bug #37004: tomcat6 YAML
 tomcat6.xml
Comment 7 Janek Walkenhorst univentionstaff 2016-05-31 13:57:43 CEST
Tests (amd64/i386): OK
Advisory: OK
Comment 8 Janek Walkenhorst univentionstaff 2016-06-01 17:28:06 CEST
<http://errata.software-univention.de/ucs/4.0/427.html>