• [SECURITY] [DSA 3552-1] tomcat7 security update

    From Moritz Muehlenhoff@1:229/2 to All on Sun Apr 17 20:50:02 2016
    From: [email protected]

    -----BEGIN PGP SIGNED MESSAGE-----
    Hash: SHA1

    - -------------------------------------------------------------------------
    Debian Security Advisory DSA-3552-1                   [email protected]
    https://www.debian.org/security/                     Moritz Muehlenhoff
    April 17, 2016                      https://www.debian.org/security/faq
    - -------------------------------------------------------------------------

    Package : tomcat7
    CVE ID : CVE-2015-5174 CVE-2015-5345 CVE-2015-5346 CVE-2015-5351
    CVE-2016-0706 CVE-2016-0714 CVE-2016-0763

    Multiple security vulnerabilities have been discovered in the Tomcat
    servlet and JSP engine, which may result in information disclosure,
    the bypass of CSRF protections and bypass of the SecurityManager.

    For the oldstable distribution (wheezy), these problems have been fixed
    in version 7.0.28-4+deb7u4. This update also fixes CVE-2014-0119 and CVE-2014-0096.

    For the stable distribution (jessie), these problems have been fixed in
    version 7.0.56-3+deb8u2.

    For the testing distribution (stretch), these problems have been fixed
    in version 7.0.68-1.

    For the unstable distribution (sid), these problems have been fixed in
    version 7.0.68-1.

    We recommend that you upgrade your tomcat7 packages.

    Further information about Debian Security Advisories, how to apply
    these updates to your system and frequently asked questions can be
    found at: https://www.debian.org/security/

    Mailing list: [email protected]
    -----BEGIN PGP SIGNATURE-----
    Version: GnuPG v1

    -----END PGP SIGNATURE-----
