Scientific Linux alert SL-tomc-20130528 (tomcat5)

From:  Pat Riehecky <riehecky@fnal.gov>
To:  <scientific-linux-errata@listserv.fnal.gov>
Subject:  Security ERRATA Important: tomcat5 on SL5.x i386/x86_64
Date:  Tue, 28 May 2013 19:45:17 +0000
Message-ID:  <20130528194517.15501.5443@slpackages.fnal.gov>

Synopsis:          Important: tomcat5 security update
Advisory ID:       SLSA-2013:0870-1
Issue Date:        2013-05-28
CVE Numbers:       CVE-2013-1976
--

A flaw was found in the way the tomcat5 init script handled the
catalina.out log file. A malicious web application deployed on Tomcat
could use this flaw to perform a symbolic link attack to change the
ownership of an arbitrary system file to that of the tomcat user, allowing
them to escalate their privileges to root. (CVE-2013-1976)

Note: With this update, /var/log/tomcat5/catalina.out has been moved to the
/var/log/tomcat5-initd.log file.

Tomcat must be restarted for this update to take effect.
--

SL5
  x86_64
    tomcat5-debuginfo-5.5.23-0jpp.40.el5_9.x86_64.rpm
    tomcat5-jsp-2.0-api-5.5.23-0jpp.40.el5_9.x86_64.rpm
    tomcat5-servlet-2.4-api-5.5.23-0jpp.40.el5_9.x86_64.rpm
    tomcat5-5.5.23-0jpp.40.el5_9.x86_64.rpm
    tomcat5-admin-webapps-5.5.23-0jpp.40.el5_9.x86_64.rpm
    tomcat5-common-lib-5.5.23-0jpp.40.el5_9.x86_64.rpm
    tomcat5-jasper-5.5.23-0jpp.40.el5_9.x86_64.rpm
    tomcat5-jasper-javadoc-5.5.23-0jpp.40.el5_9.x86_64.rpm
    tomcat5-jsp-2.0-api-javadoc-5.5.23-0jpp.40.el5_9.x86_64.rpm
    tomcat5-server-lib-5.5.23-0jpp.40.el5_9.x86_64.rpm
    tomcat5-servlet-2.4-api-javadoc-5.5.23-0jpp.40.el5_9.x86_64.rpm
    tomcat5-webapps-5.5.23-0jpp.40.el5_9.x86_64.rpm
  i386
    tomcat5-debuginfo-5.5.23-0jpp.40.el5_9.i386.rpm
    tomcat5-jsp-2.0-api-5.5.23-0jpp.40.el5_9.i386.rpm
    tomcat5-servlet-2.4-api-5.5.23-0jpp.40.el5_9.i386.rpm
    tomcat5-5.5.23-0jpp.40.el5_9.i386.rpm
    tomcat5-admin-webapps-5.5.23-0jpp.40.el5_9.i386.rpm
    tomcat5-common-lib-5.5.23-0jpp.40.el5_9.i386.rpm
    tomcat5-jasper-5.5.23-0jpp.40.el5_9.i386.rpm
    tomcat5-jasper-javadoc-5.5.23-0jpp.40.el5_9.i386.rpm
    tomcat5-jsp-2.0-api-javadoc-5.5.23-0jpp.40.el5_9.i386.rpm
    tomcat5-server-lib-5.5.23-0jpp.40.el5_9.i386.rpm
    tomcat5-servlet-2.4-api-javadoc-5.5.23-0jpp.40.el5_9.i386.rpm
    tomcat5-webapps-5.5.23-0jpp.40.el5_9.i386.rpm

- Scientific Linux Development Team
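
Added example, not part of the advisory or of the tomcat5 package: a shell check for the condition the advisory describes, where a root-run script changes ownership of a log file that sits where an unprivileged account could place a symbolic link. The function name and verdict strings are hypothetical, and treating a log directory owned by the service account as the risky case is an assumption about the cause.

```shell
#!/bin/sh
# Added example: audit a file that a root-run init script is about to chown.
# Usage: audit_chown_target PATH [TRUSTED_OWNER]   (TRUSTED_OWNER defaults to root)
# Prints exactly one verdict:
#   symlink -> TARGET | untrusted-parent OWNER | missing | ok
# Returns 1 for the two unsafe verdicts, 0 otherwise.
audit_chown_target() {
    path=$1
    trusted=${2:-root}
    parent=$(dirname -- "$path")

    # A symbolic link at this path means a plain chown would follow it
    # and change the ownership of whatever file it points to.
    if [ -L "$path" ]; then
        echo "symlink -> $(readlink -- "$path")"
        return 1
    fi

    # If the directory belongs to another account (assumed here to be the
    # service account), that account can swap the file for a link later,
    # so a clean result now does not stay clean.
    owner=$(ls -ld -- "$parent" | awk '{print $3}')
    if [ "$owner" != "$trusted" ]; then
        echo "untrusted-parent $owner"
        return 1
    fi

    # Nothing to chown yet; the init script would create the file itself.
    if [ ! -e "$path" ]; then
        echo "missing"
        return 0
    fi

    echo "ok"
    return 0
}
```

On an affected host the two paths named in the advisory can be compared with `audit_chown_target /var/log/tomcat5/catalina.out` and `audit_chown_target /var/log/tomcat5-initd.log`.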

