1. Forum
  2. Usenet
  3. LINUX.DEBIAN.ANNOUNCE.SEC

  • [SECURITY] [DSA 3609-1] tomcat8 security update

    From Moritz Muehlenhoff@1:229/2 to All on Wed Jun 29 22:00:01 2016
    From: [email protected]

    -----BEGIN PGP SIGNED MESSAGE-----
    Hash: SHA1

    - ------------------------------------------------------------------------- Debian Security Advisory DSA-3609-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff
    June 29, 2016 https://www.debian.org/security/faq
    - -------------------------------------------------------------------------

    Package : tomcat8
    CVE ID : CVE-2015-5174 CVE-2015-5345 CVE-2015-5346 CVE-2015-5351
    CVE-2016-0706 CVE-2016-0714 CVE-2016-0763 CVE-2016-3092

    Multiple security vulnerabilities have been discovered in the Tomcat
    servlet and JSP engine, which may result in information disclosure, the
    bypass of CSRF protections, bypass of the SecurityManager or denial of
    service.

    For the stable distribution (jessie), these problems have been fixed in
    version 8.0.14-1+deb8u2.

    For the unstable distribution (sid), these problems have been fixed in
    version 8.0.36-1.

    We recommend that you upgrade your tomcat8 packages.

    Further information about Debian Security Advisories, how to apply
    these updates to your system and frequently asked questions can be
    found at: https://www.debian.org/security/

    Mailing list: [email protected]
    -----BEGIN PGP SIGNATURE-----
    Version: GnuPG v1

    iQIcBAEBAgAGBQJXdCc6AAoJEBDCk7bDfE42D9cP/2ik/ASnMwwtMQfJlx857NGO kZUvugvGZYr2dsoChjSRaZEZW5ZqlfVCcp08eGbNFrBcaNWwNYM/r2Yw7thmX8Au UogfJIWJeDKQYOOWnUXY4E43r1pqwbiUWqMTDa/PxectMihuSF79kW9cpsEed6MI bbTjmXFbcN8DfkkcUOEsgag9NbFFOpyqwK59lF3oOTNT7kf7riJlZnlnzXX61FN+ UXAZyWqwDQFH5uK1iBc/f/DhaqWILZ9XnRE/vFeBqFTNT5hKye6T2a2suX4xf9e1 ppLiLMn6748W6Sb38/T8UEyb7EFEVhdaCaceBhlLGA1xOSFA+16Vfl96DLOyBU0m Qv1bdS+f9oOqjo7JPYfAJxkF+i3+mzt0UyUwNt/WPmZlkCb2KEJXm3KdVq6XnjWD R3r12jgC1jt/iVSzn5ERB2IT2gClvCQ7L8FDBJKwMHN9NEMsYnkk54zSPpTWkCeM ACOKN7QNI6H1ANbKLe15dU+dsjf66vkAqU8MbB/n3YJgs3GasAgcBUVhhZtZZER6 lH0uvqsHrRRCNRoRir0NuLI28B3QTp4T8uhjb1eOl1UJVaIppP8ZXQSulxkZe3Ru fxG88APd/FxozpjqKQJkHMbuFV8fdFGs1PTGUJps4t/3Ul0aWsShIwt3jsHTw7oB 4vzBC2DzyU52NmxLR7rn
    =+5Ef
    -----END PGP SIGNATURE-----

    --- SoupGate-Win32 v1.05
    * Origin: you cannot sedate... all the things you hate (1:229/2)