Bug 37004 - tomcat6: Multiple issues (4.0)
Status: CLOSED FIXED
Product: UCS
Classification: Unclassified
Component: Security updates
Version: UCS 4.0
Hardware/OS: Other Linux
Importance: P3 normal
Target Milestone: UCS 4.0-5-errata
Assigned To: Philipp Hahn
QA Contact: Janek Walkenhorst
URL: https://tracker.debian.org/media/pack...
Reported: 2014-11-25 15:00 CET by Moritz Muehlenhoff
Modified: 2017-10-26 13:54 CEST
CC List: 3 users

Flags: requate: Patch_Available+

Description Moritz Muehlenhoff univentionstaff 2014-11-25 15:00:33 CET
Information disclosure / XEE (CVE-2013-4590)
Information disclosure (CVE-2013-4286)
Denial of service in handling chunked extensions (CVE-2013-4322)
Session fixation (CVE-2014-0033)
Denial of service in chunked header parsing (CVE-2014-0075)
Information disclosure in XSLT/XML parsers (CVE-2014-0096, CVE-2014-0119)
Information disclosure when parsing content length headers (CVE-2014-0099)
Comment 1 Moritz Muehlenhoff univentionstaff 2015-02-10 07:25:31 CET
It was possible to craft a malformed chunk as part of a chunked request that caused Tomcat to read part of the request body as a new request (CVE-2014-0227)
Comment 2 Arvid Requate univentionstaff 2015-05-06 21:56:02 CEST
Non-persistent DoS attack by feeding data by aborting an upload (CVE-2014-0230)
Comment 3 Arvid Requate univentionstaff 2015-06-01 11:26:06 CEST
security manager bypass via expression language (EL) expressions (CVE-2014-7810)
Comment 4 Arvid Requate univentionstaff 2016-03-29 12:46:17 CEST
Upstream Debian package version 6.0.45+dfsg-1~deb7u1 fixes all of the issues above.
Comment 5 Stefan Gohmann univentionstaff 2016-04-19 15:35:46 CEST
Move to 4.0-5-errata.
Comment 6 Philipp Hahn univentionstaff 2016-05-26 14:47:23 CEST
repo_admin.py --cherrypick -r 3.3 --releasedest 4.0 --dest errata4.0-5 -p tomcat6
find -type f | grep -F -f <(cd source && dcmd tomcat6_6.0.45+dfsg-1.52.201604191550_i386.changes) | cpio -p --link ../ucs_4.0-0-errata4.0-5/
repo-apt-ftparchive --release ucs_4.0-0-errata4.0-5

FYI: tomcat6 is unmaintained in UCS-4.0: http://univention-repository.knut.univention.de/4.0/maintained/4.0-0/all/Packages

QA:
 univention-install tomcat6
 elinks http://localhost:8080/
 $EDITOR /etc/apt/sources.list
 apt-get -qq update
 apt-get upgrade
 apt-get install tomcat6-examples
 elinks http://localhost:8080/examples/
 dpkg-query -W tomcat6 # 6.0.45+dfsg-1.52.201604191550

r69552 | Bug #35058,Bug #37004: tomcat6 YAML
 tomcat6.xml
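Added check (not part of any comment on this bug, and not Univention's code): a small Python reimplementation of dpkg's version ordering, used to verify that an installed tomcat6 version is at least the fixed build from the QA step above. The fixed version string is the one recorded in this bug; compare_versions and tomcat6_is_fixed are names chosen here.

```python
import re
from itertools import zip_longest
# Fixed UCS build named in the QA step of this bug (dpkg-query output).
FIXED_TOMCAT6 = "6.0.45+dfsg-1.52.201604191550"

def _order(c):
    # dpkg's rule for one non-digit char: '~' < end of string < letters < other symbols
    if c == "~":
        return -1
    if not c:
        return 0
    return ord(c) if c.isalpha() else ord(c) + 256

def _cmp_nondigit(a, b):
    for ca, cb in zip_longest(a, b, fillvalue=""):
        if _order(ca) != _order(cb):
            return -1 if _order(ca) < _order(cb) else 1
    return 0

def _cmp_fragment(a, b):
    # Walk alternating non-digit / digit chunks, as dpkg's verrevcmp() does;
    # digit chunks compare numerically, so "1.52" > "1~deb7u1" (tilde sorts first).
    pa = re.findall(r"(\D*)(\d*)", a)
    pb = re.findall(r"(\D*)(\d*)", b)
    for (na, da), (nb, db) in zip_longest(pa, pb, fillvalue=("", "")):
        r = _cmp_nondigit(na, nb)
        if r:
            return r
        ia, ib = int(da or 0), int(db or 0)
        if ia != ib:
            return -1 if ia < ib else 1
    return 0

def _split(v):
    # "[epoch:]upstream[-revision]"; the revision is everything after the last '-'
    epoch, sep, rest = v.partition(":")
    if not sep:
        epoch, rest = "0", v
    upstream, sep, revision = rest.rpartition("-")
    return int(epoch), (upstream if sep else rest), (revision if sep else "")

def compare_versions(a, b):
    # -1, 0 or 1 with the same ordering as dpkg --compare-versions
    ea, ua, ra = _split(a)
    eb, ub, rb = _split(b)
    if ea != eb:
        return -1 if ea < eb else 1
    return _cmp_fragment(ua, ub) or _cmp_fragment(ra, rb)

def tomcat6_is_fixed(installed, fixed=FIXED_TOMCAT6):
    # True when the installed tomcat6 version is at least the errata build
    return compare_versions(installed, fixed) >= 0
```

On a real host, feed it the output of `dpkg-query -W -f '${Version}' tomcat6`; `dpkg --compare-versions` performs the same check natively.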
Comment 7 Janek Walkenhorst univentionstaff 2016-05-31 13:57:43 CEST
Tests (amd64/i386): OK
Advisory: OK
Comment 8 Janek Walkenhorst univentionstaff 2016-06-01 17:28:06 CEST
<http://errata.software-univention.de/ucs/4.0/427.html>