LWN.net Logo

Not logged in

Log in now

Create an account

Subscribe to LWN

Recent Features

Kernel prepatch 3.9-rc6

LWN.net Weekly Edition for April 4, 2013

LWN.net Weekly Edition for March 28, 2013

A kernel change breaks GlusterFS

PyCon: Evangelizing Python

Printable page
Weekly edition Kernel Security Distributions Contact Us Search
Archives Calendar Subscribe Write for LWN LWN.net FAQ Sponsors

Oracle alert ELSA-2013-0640 (tomcat5)



From:
    	      Errata Announcements for Oracle Linux <el-errata@oss.oracle.com> 


To:
    	      el-errata@oss.oracle.com 


Subject:
    	      [El-errata] ELSA-2013-0640 Important: Oracle Linux 5 tomcat5
	security update 


Date:
    	      Wed, 13 Mar 2013 05:43:57 -0700


Message-ID:
    	      <5140748D.2080105@oracle.com>


Archive-link:
    	      Article, Thread
              


Oracle Linux Security Advisory ELSA-2013-0640

https://rhn.redhat.com/errata/RHSA-2013-0640.html

The following updated rpms for Oracle Linux 5 have been uploaded to the 
Unbreakable Linux Network:

i386:
tomcat5-5.5.23-0jpp.38.el5_9.i386.rpm
tomcat5-admin-webapps-5.5.23-0jpp.38.el5_9.i386.rpm
tomcat5-common-lib-5.5.23-0jpp.38.el5_9.i386.rpm
tomcat5-jasper-5.5.23-0jpp.38.el5_9.i386.rpm
tomcat5-jasper-javadoc-5.5.23-0jpp.38.el5_9.i386.rpm
tomcat5-jsp-2.0-api-5.5.23-0jpp.38.el5_9.i386.rpm
tomcat5-jsp-2.0-api-javadoc-5.5.23-0jpp.38.el5_9.i386.rpm
tomcat5-server-lib-5.5.23-0jpp.38.el5_9.i386.rpm
tomcat5-servlet-2.4-api-5.5.23-0jpp.38.el5_9.i386.rpm
tomcat5-servlet-2.4-api-javadoc-5.5.23-0jpp.38.el5_9.i386.rpm
tomcat5-webapps-5.5.23-0jpp.38.el5_9.i386.rpm

x86_64:
tomcat5-5.5.23-0jpp.38.el5_9.x86_64.rpm
tomcat5-admin-webapps-5.5.23-0jpp.38.el5_9.x86_64.rpm
tomcat5-common-lib-5.5.23-0jpp.38.el5_9.x86_64.rpm
tomcat5-jasper-5.5.23-0jpp.38.el5_9.x86_64.rpm
tomcat5-jasper-javadoc-5.5.23-0jpp.38.el5_9.x86_64.rpm
tomcat5-jsp-2.0-api-5.5.23-0jpp.38.el5_9.x86_64.rpm
tomcat5-jsp-2.0-api-javadoc-5.5.23-0jpp.38.el5_9.x86_64.rpm
tomcat5-server-lib-5.5.23-0jpp.38.el5_9.x86_64.rpm
tomcat5-servlet-2.4-api-5.5.23-0jpp.38.el5_9.x86_64.rpm
tomcat5-servlet-2.4-api-javadoc-5.5.23-0jpp.38.el5_9.x86_64.rpm
tomcat5-webapps-5.5.23-0jpp.38.el5_9.x86_64.rpm

ia64:
tomcat5-5.5.23-0jpp.38.el5_9.ia64.rpm
tomcat5-admin-webapps-5.5.23-0jpp.38.el5_9.ia64.rpm
tomcat5-common-lib-5.5.23-0jpp.38.el5_9.ia64.rpm
tomcat5-jasper-5.5.23-0jpp.38.el5_9.ia64.rpm
tomcat5-jasper-javadoc-5.5.23-0jpp.38.el5_9.ia64.rpm
tomcat5-jsp-2.0-api-5.5.23-0jpp.38.el5_9.ia64.rpm
tomcat5-jsp-2.0-api-javadoc-5.5.23-0jpp.38.el5_9.ia64.rpm
tomcat5-server-lib-5.5.23-0jpp.38.el5_9.ia64.rpm
tomcat5-servlet-2.4-api-5.5.23-0jpp.38.el5_9.ia64.rpm
tomcat5-servlet-2.4-api-javadoc-5.5.23-0jpp.38.el5_9.ia64.rpm
tomcat5-webapps-5.5.23-0jpp.38.el5_9.ia64.rpm


SRPMS:
http://oss.oracle.com/ol5/SRPMS-updates/tomcat5-5.5.23-0j...



Description of changes:

[0:5.5.23-0jpp.38]
- Resolves: CVE-2012-3439 rhbz#882008 three DIGEST authentication
- implementation
- Resolves: CVE-2012-3546, rhbz#913034 Bypass of security constraints.
- Remove unneeded handling of FORM authentication in RealmBase


_______________________________________________
El-errata mailing list
El-errata@oss.oracle.com
https://oss.oracle.com/mailman/listinfo/el-errata
(Log in to post comments)

Copyright © 2013, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds