Annotation of /10201.adv
Revision 1065
Mon Feb 17 18:13:20 2014 UTC (7 years ago) by tmb
File size: 1770 byte(s)
MGASA-2014-0082: tomcat6-6.0.39-1.1.mga3
type: security
subject: Updated tomcat6 packages fix multiple vulnerabilities and logging
CVE:
 - CVE-2012-3544
 - CVE-2013-1571
 - CVE-2013-1976
 - CVE-2013-2067
src:
  3:
   core:
     - tomcat6-6.0.39-1.1.mga3
description: |
  Updated tomcat6 packages fix security vulnerabilities:

  It was discovered that Tomcat incorrectly handled certain requests
  submitted using chunked transfer encoding. A remote attacker could use this
  flaw to cause the Tomcat server to stop responding, resulting in a denial
  of service (CVE-2012-3544).

  A frame injection in the Javadoc component in Oracle Java SE 7 Update 21
  and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier;
  JavaFX 2.2.21 and earlier; and OpenJDK 7 allows remote attackers to affect
  integrity via unknown vectors related to Javadoc (CVE-2013-1571).

  A flaw was found in the way the tomcat6 init script handled the
  tomcat6-initd.log log file. A malicious web application deployed on Tomcat
  could use this flaw to perform a symbolic link attack to change the
  ownership of an arbitrary system file to that of the tomcat user, allowing
  them to escalate their privileges to root (CVE-2013-1976).

  It was discovered that Tomcat incorrectly handled certain authentication
  requests. A remote attacker could possibly use this flaw to inject a
  request that would get executed with a victim's credentials (CVE-2013-2067).

  Note: With this update, tomcat6-initd.log has been moved from
  /var/log/tomcat6/ to the /var/log/ directory.
references:
 - http://www.ubuntu.com/usn/usn-1841-1/
 - https://rhn.redhat.com/errata/RHSA-2013-0869.html
 - http://tomcat.apache.org/security-6.html#Fixed_in_Apache_Tomcat_6.0.39
 - https://bugs.mageia.org/show_bug.cgi?id=10201
ID: MGASA-2014-0082
