1. Forum
  2. Usenet
  3. LINUX.DEBIAN.ANNOUNCE.SEC

  • [SECURITY] [DSA 4673-1] tomcat8 security update

    From Moritz Muehlenhoff@1:229/2 to All on Sun May 3 20:40:01 2020
    From: [email protected]

    -----BEGIN PGP SIGNED MESSAGE-----
    Hash: SHA512

    - ------------------------------------------------------------------------- Debian Security Advisory DSA-4673-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff
    May 03, 2020 https://www.debian.org/security/faq
    - -------------------------------------------------------------------------

    Package : tomcat8
    CVE ID : CVE-2019-17569 CVE-2020-1935 CVE-2020-1938

    Several vulnerabilities were discovered in the Tomcat servlet and JSP
    engine, which could result in HTTP request smuggling and code execution
    in the AJP connector (disabled by default in Debian).

    For the oldstable distribution (stretch), these problems have been fixed
    in version 8.5.54-0+deb9u1.

    We recommend that you upgrade your tomcat8 packages.

    For the detailed security status of tomcat8 please refer to
    its security tracker page at: https://security-tracker.debian.org/tracker/tomcat8

    Further information about Debian Security Advisories, how to apply
    these updates to your system and frequently asked questions can be
    found at: https://www.debian.org/security/

    Mailing list: [email protected]
    -----BEGIN PGP SIGNATURE-----

    iQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAl6vDOEACgkQEMKTtsN8 TjaAFRAAoAKw1AMWyaBUnxXpVwYqKvQ4CXcJxHCIAAFSQdMDLosTcKToyE3bzv13 UWZ1O7q4uMYhbyJv+bHzu4QTvWKAHAr/X8rdIe5d9FpzBGczWzAVOby4nLuXHSOj Y83IdXtXM3DopRcqPS8dUzcoQ8U+fOcmZeIB48IAqbMW+Okum8yxjDW1fVx+hl07 oAOg8tJwdRddGq1/l1hjgsDqqN4y56rG9YNLNGHDrWI8z1iN5Wxf5mGoJjd+ebbc gSRBxt5UYbiqE1FHVmM2EhSwoCsglYIKWYZQC1cg1WvoKDbqKpXB5TRYGWpB/FDN 5EPqEDJkiNf0+03mg+sa6ccY0bEDNJdZOiQKydopVu4Mh1BQ2oEQfBIc4eXPKCmK 0vV0Wdyfl1jQF4yo4vo7yQr4wbAJjLWJcg6pc/k4pwwZ2/wbnX/vbK+t0GpXfjnl wPLp47H5Rg9/2xly4zbdRJxA5rS1tQ3ykLCkF5AA4kCLTwXsiFgFD5Ec3va9hw9h VU15HO9UHDb8PUGGMTVCJzzBIdIREp3zjGI5g4TGU40BubdDaB20cmvKDrl5PFig rco9lTz9K3ngBRgVs5gNGMCaRhcT90sWuNlMoSFeKx1GMknIMdMjuiVkMpMwdvO/ xZpvx+f3wL09FWzDBcObPxdFzLi0kA8L+refmEJ9jifzwnPWJX4=
    =nZPM
    -----END PGP SIGNATURE-----

    --- SoupGate-Win32 v1.05
    * Origin: you cannot sedate... all the things you hate (1:229/2)