From: Mageia Updates <buildsystem-daemon@mageia.org>
To: updates-announce@ml.mageia.org
Subject: [updates-announce] MGASA-2013-0015: tomcat6-6.0.35-4.2.mga2, tomcat-7.0.32-3.mga2 (2/core)
Date: Fri, 18 Jan 2013 01:42:41 +0100
Message-ID: <20130118004241.GA10715@valstar.mageia.org>
MGASA-2013-0015
Date: January 18th, 2013
Affected releases: 2
Description:
Updated tomcat6 and tomcat packages fix the following security vulnerabilities:
java/org/apache/coyote/http11/InternalNioInputBuffer.java in the HTTP
NIO connector in Apache Tomcat 6.x before 6.0.36 and 7.x before 7.0.28
does not properly restrict the request-header size, which allows remote
attackers to cause a denial of service (memory consumption) via a large
amount of header data (CVE-2012-2733).

org/apache/catalina/realm/RealmBase.java in Apache Tomcat 6.x before
6.0.36 and 7.x before 7.0.30, when FORM authentication is used, allows
remote attackers to bypass security-constraint checks by leveraging a
previous setUserPrincipal call and then placing /j_security_check at the
end of a URI (CVE-2012-3546).

org/apache/catalina/filters/CsrfPreventionFilter.java in Apache Tomcat
6.x before 6.0.36 and 7.x before 7.0.32 allows remote attackers to bypass
the cross-site request forgery (CSRF) protection mechanism via a request
that lacks a session identifier (CVE-2012-4431).

org/apache/tomcat/util/net/NioEndpoint.java in Apache Tomcat 6.x before
6.0.36 and 7.x before 7.0.28, when the NIO connector is used in
conjunction with sendfile and HTTPS, allows remote attackers to cause a
denial of service (infinite loop) by terminating the connection during
the reading of a response (CVE-2012-4534).

The replay-countermeasure functionality in the HTTP Digest Access
Authentication implementation in Apache Tomcat 5.5.x before 5.5.36, 6.x
before 6.0.36, and 7.x before 7.0.30 tracks cnonce (aka client nonce)
values instead of nonce (aka server nonce) and nc (aka nonce-count)
values, which makes it easier for remote attackers to bypass intended
access restrictions by sniffing the network for valid requests
(CVE-2012-5885).

The HTTP Digest Access Authentication implementation in Apache Tomcat
5.5.x before 5.5.36, 6.x before 6.0.36, and 7.x before 7.0.30 caches
information about the authenticated user within the session state, which
makes it easier for remote attackers to bypass authentication via vectors
related to the session ID (CVE-2012-5886).

The HTTP Digest Access Authentication implementation in Apache Tomcat
5.5.x before 5.5.36, 6.x before 6.0.36, and 7.x before 7.0.30 does not
properly check for stale nonce values in conjunction with enforcement
of proper credentials, which makes it easier for remote attackers to
bypass intended access restrictions by sniffing the network for valid
requests (CVE-2012-5887).
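To make the two Digest-authentication flaws concrete (CVE-2012-5885, tracking cnonce rather than nonce plus nc; CVE-2012-5887, not rejecting stale nonces even when the credentials are right), here is an added example of the server-side check done correctly. It is illustrative code written for this advisory, not Tomcat's implementation; the realm, user, secret, and lifetime values are constructed.

```python
import hashlib

# All values below are constructed for the example; none come from the advisory.
REALM = "example"
USERS = {"alice": "s3cret"}          # username -> password (plaintext only for the demo)
SERVER_SECRET = "server-secret"      # lets the server validate a nonce it issued without storing it
NONCE_LIFETIME = 60                  # seconds after issue that a server nonce remains fresh

def md5_hex(s: str) -> str:
    return hashlib.md5(s.encode()).hexdigest()

def make_nonce(now: int) -> str:
    # nonce = "<issue-time>:<tag>"; the tag proves the server minted it at that time
    return f"{now}:{md5_hex(f'{now}:{SERVER_SECRET}')}"

def digest_response(username, password, method, uri, nonce, nc, cnonce):
    # RFC 2617 qop=auth response, as a client would compute it
    ha1 = md5_hex(f"{username}:{REALM}:{password}")
    ha2 = md5_hex(f"{method}:{uri}")
    return md5_hex(f"{ha1}:{nonce}:{nc}:{cnonce}:auth:{ha2}")

def client_auth(username, password, method, uri, nonce, nc, cnonce):
    # Parsed Authorization header fields a client would send (constructed helper)
    return {"username": username, "nonce": nonce, "nc": nc, "cnonce": cnonce,
            "response": digest_response(username, password, method, uri, nonce, nc, cnonce)}

class DigestVerifier:
    def __init__(self):
        self.seen_nc = {}   # server nonce -> highest nonce-count accepted for it

    def verify(self, method, uri, auth, now):
        # auth holds the parsed Authorization fields; returns a short verdict
        nonce = auth["nonce"]
        issued, tag = nonce.split(":", 1)
        if tag != md5_hex(f"{issued}:{SERVER_SECRET}") or now - int(issued) > NONCE_LIFETIME:
            return "stale"   # reject even a correct response if the nonce is not ours or too old
        nc = int(auth["nc"], 16)
        if nc <= self.seen_nc.get(nonce, 0):
            return "replay"  # keyed on (nonce, nc): a fresh cnonce does not make a replay new
        password = USERS.get(auth["username"])
        if password is None:
            return "bad"
        expected = digest_response(auth["username"], password, method, uri,
                                   nonce, auth["nc"], auth["cnonce"])
        if expected != auth["response"]:
            return "bad"
        self.seen_nc[nonce] = nc   # record only after credentials check out
        return "ok"
```

A captured request re-sent with a different cnonce is still rejected, because the replay state is keyed on the server nonce and its count, and a correct response over an expired nonce is rejected before credentials are even examined.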
Updated Packages:
noarch:
tomcat6-6.0.35-4.2.mga2.noarch.rpm
tomcat6-admin-webapps-6.0.35-4.2.mga2.noarch.rpm
tomcat6-docs-webapp-6.0.35-4.2.mga2.noarch.rpm
tomcat6-el-2.1-api-6.0.35-4.2.mga2.noarch.rpm
tomcat6-javadoc-6.0.35-4.2.mga2.noarch.rpm
tomcat6-jsp-2.1-api-6.0.35-4.2.mga2.noarch.rpm
tomcat6-lib-6.0.35-4.2.mga2.noarch.rpm
tomcat6-servlet-2.5-api-6.0.35-4.2.mga2.noarch.rpm
tomcat6-webapps-6.0.35-4.2.mga2.noarch.rpm
tomcat-7.0.32-3.mga2.noarch.rpm
tomcat-admin-webapps-7.0.32-3.mga2.noarch.rpm
tomcat-docs-webapp-7.0.32-3.mga2.noarch.rpm
tomcat-el-2.2-api-7.0.32-3.mga2.noarch.rpm
tomcat-javadoc-7.0.32-3.mga2.noarch.rpm
tomcat-jsp-2.2-api-7.0.32-3.mga2.noarch.rpm
tomcat-jsvc-7.0.32-3.mga2.noarch.rpm
tomcat-lib-7.0.32-3.mga2.noarch.rpm
tomcat-servlet-3.0-api-7.0.32-3.mga2.noarch.rpm
tomcat-systemv-7.0.32-3.mga2.noarch.rpm
tomcat-webapps-7.0.32-3.mga2.noarch.rpm
SRPMS:
tomcat6-6.0.35-4.2.mga2.src.rpm
tomcat-7.0.32-3.mga2.src.rpm
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2733
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3546
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4431
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4534
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5885
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5886
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5887
http://tomcat.apache.org/security-6.html
http://tomcat.apache.org/security-7.html
http://www.ubuntu.com/usn/usn-1637-1/
http://lists.fedoraproject.org/pipermail/package-announce...
https://bugs.mageia.org/show_bug.cgi?id=8692
https://wiki.mageia.org/en/Support/Advisories/MGASA-2013-...