advisories/10201.adv

type: security
subject: Updated tomcat6 packages fix multiple vulnerabilities and logging
CVE:
 - CVE-2012-3544
 - CVE-2013-1571
 - CVE-2013-1976
 - CVE-2013-2067
src:
  3:
   core:
     - tomcat6-6.0.39-1.1.mga3
description: |
  Updated tomcat6 packages fix security vulnerabilities:

  It was discovered that Tomcat incorrectly handled certain requests
  submitted using chunked transfer encoding. A remote attacker could use this
  flaw to cause the Tomcat server to stop responding, resulting in a denial
  of service (CVE-2012-3544).

  A frame injection in the Javadoc component in Oracle Java SE 7 Update 21
  and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier;
  JavaFX 2.2.21 and earlier; and OpenJDK 7 allows remote attackers to affect
  integrity via unknown vectors related to Javadoc (CVE-2013-1571)

  A flaw was found in the way the tomcat6 init script handled the
  tomcat6-initd.log log file. A malicious web application deployed on Tomcat
  could use this flaw to perform a symbolic link attack to change the
  ownership of an arbitrary system file to that of the tomcat user, allowing
  them to escalate their privileges to root (CVE-2013-1976).

  It was discovered that Tomcat incorrectly handled certain authentication
  requests. A remote attacker could possibly use this flaw to inject a
  request that would get executed with a victim's credentials (CVE-2013-2067).

  Note: With this update, tomcat6-initd.log has been moved from
  /var/log/tomcat6/ to the /var/log/ directory.
references:
 - http://www.ubuntu.com/usn/usn-1841-1/
 - https://rhn.redhat.com/errata/RHSA-2013-0869.html
 - http://tomcat.apache.org/security-6.html#Fixed_in_Apache_Tomcat_6.0.39
 - https://bugs.mageia.org/show_bug.cgi?id=10201
ID: MGASA-2014-0082
1	claire	1063	type: security
2			subject: Updated tomcat6 packages fix multiple vulnerabilities and logging
3			CVE:
4			- CVE-2012-3544
5			- CVE-2013-1571
6			- CVE-2013-1976
7			- CVE-2013-2067
8			src:
9			3:
10			core:
11			- tomcat6-6.0.39-1.1.mga3
12			description: \|
13			Updated tomcat6 packages fix security vulnerabilities:
14
15			It was discovered that Tomcat incorrectly handled certain requests
16			submitted using chunked transfer encoding. A remote attacker could use this
17			flaw to cause the Tomcat server to stop responding, resulting in a denial
18			of service (CVE-2012-3544).
19
20			A frame injection in the Javadoc component in Oracle Java SE 7 Update 21
21			and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier;
22			JavaFX 2.2.21 and earlier; and OpenJDK 7 allows remote attackers to affect
23			integrity via unknown vectors related to Javadoc (CVE-2013-1571)
24
25			A flaw was found in the way the tomcat6 init script handled the
26			tomcat6-initd.log log file. A malicious web application deployed on Tomcat
27			could use this flaw to perform a symbolic link attack to change the
28			ownership of an arbitrary system file to that of the tomcat user, allowing
29			them to escalate their privileges to root (CVE-2013-1976).
30
31			It was discovered that Tomcat incorrectly handled certain authentication
32			requests. A remote attacker could possibly use this flaw to inject a
33			request that would get executed with a victim's credentials (CVE-2013-2067).
34
35			Note: With this update, tomcat6-initd.log has been moved from
36			/var/log/tomcat6/ to the /var/log/ directory.
37			references:
38			- http://www.ubuntu.com/usn/usn-1841-1/
39			- https://rhn.redhat.com/errata/RHSA-2013-0869.html
40			- http://tomcat.apache.org/security-6.html#Fixed_in_Apache_Tomcat_6.0.39
41			- https://bugs.mageia.org/show_bug.cgi?id=10201
42	tmb	1065	ID: MGASA-2014-0082