| From: |
| Errata Announcements for Oracle Linux <el-errata@oss.oracle.com> |
| To: |
| el-errata@oss.oracle.com |
| Subject: |
| [El-errata] ELSA-2013-0870 Important: Oracle Linux 5 tomcat5
security update |
| Date: |
| Tue, 28 May 2013 19:00:32 -0700 |
| Message-ID: |
| <51A56140.9090305@oracle.com> |
| Archive-link: |
| Article, Thread
|
Oracle Linux Security Advisory ELSA-2013-0870
https://rhn.redhat.com/errata/RHSA-2013-0870.html
The following updated rpms for Oracle Linux 5 have been uploaded to the
Unbreakable Linux Network:
i386:
tomcat5-5.5.23-0jpp.40.el5_9.i386.rpm
tomcat5-admin-webapps-5.5.23-0jpp.40.el5_9.i386.rpm
tomcat5-common-lib-5.5.23-0jpp.40.el5_9.i386.rpm
tomcat5-jasper-5.5.23-0jpp.40.el5_9.i386.rpm
tomcat5-jasper-javadoc-5.5.23-0jpp.40.el5_9.i386.rpm
tomcat5-jsp-2.0-api-5.5.23-0jpp.40.el5_9.i386.rpm
tomcat5-jsp-2.0-api-javadoc-5.5.23-0jpp.40.el5_9.i386.rpm
tomcat5-server-lib-5.5.23-0jpp.40.el5_9.i386.rpm
tomcat5-servlet-2.4-api-5.5.23-0jpp.40.el5_9.i386.rpm
tomcat5-servlet-2.4-api-javadoc-5.5.23-0jpp.40.el5_9.i386.rpm
tomcat5-webapps-5.5.23-0jpp.40.el5_9.i386.rpm
x86_64:
tomcat5-5.5.23-0jpp.40.el5_9.x86_64.rpm
tomcat5-admin-webapps-5.5.23-0jpp.40.el5_9.x86_64.rpm
tomcat5-common-lib-5.5.23-0jpp.40.el5_9.x86_64.rpm
tomcat5-jasper-5.5.23-0jpp.40.el5_9.x86_64.rpm
tomcat5-jasper-javadoc-5.5.23-0jpp.40.el5_9.x86_64.rpm
tomcat5-jsp-2.0-api-5.5.23-0jpp.40.el5_9.x86_64.rpm
tomcat5-jsp-2.0-api-javadoc-5.5.23-0jpp.40.el5_9.x86_64.rpm
tomcat5-server-lib-5.5.23-0jpp.40.el5_9.x86_64.rpm
tomcat5-servlet-2.4-api-5.5.23-0jpp.40.el5_9.x86_64.rpm
tomcat5-servlet-2.4-api-javadoc-5.5.23-0jpp.40.el5_9.x86_64.rpm
tomcat5-webapps-5.5.23-0jpp.40.el5_9.x86_64.rpm
ia64:
tomcat5-5.5.23-0jpp.40.el5_9.ia64.rpm
tomcat5-admin-webapps-5.5.23-0jpp.40.el5_9.ia64.rpm
tomcat5-common-lib-5.5.23-0jpp.40.el5_9.ia64.rpm
tomcat5-jasper-5.5.23-0jpp.40.el5_9.ia64.rpm
tomcat5-jasper-javadoc-5.5.23-0jpp.40.el5_9.ia64.rpm
tomcat5-jsp-2.0-api-5.5.23-0jpp.40.el5_9.ia64.rpm
tomcat5-jsp-2.0-api-javadoc-5.5.23-0jpp.40.el5_9.ia64.rpm
tomcat5-server-lib-5.5.23-0jpp.40.el5_9.ia64.rpm
tomcat5-servlet-2.4-api-5.5.23-0jpp.40.el5_9.ia64.rpm
tomcat5-servlet-2.4-api-javadoc-5.5.23-0jpp.40.el5_9.ia64.rpm
tomcat5-webapps-5.5.23-0jpp.40.el5_9.ia64.rpm
SRPMS:
http://oss.oracle.com/ol5/SRPMS-updates/tomcat5-5.5.23-0j...
Description of changes:
[0:5.5.23-0jpp.40]
- Related: CVE-2013-1976 It was found during additional testing
- that the tomcat5 init may fail to start because the user
- shell is set to sbin/nologin. Fixed in init scrip. SU now
- uses -s /bin/sh during startup
[0:5.5.23-0jpp.39]
- Resolves: CVE-2013-1976 Improper TOMCAT_LOG management in
- initscript. Change location of TOMCAT_LOG to /var/log so
- only root can write to it. Touching TOMCAT_LOG is no longer
- required during initscript startup. Permissions and ownership
- changed to 0755 tomcat:root for logdir
_______________________________________________
El-errata mailing list
El-errata@oss.oracle.com
https://oss.oracle.com/mailman/listinfo/el-errata
(
Log in to post comments)