Ubuntu alert USN-7282-1 (tomcat7)
| From: | Nico Campuzano <nicolas.campuzano@canonical.com> | |
| To: | ubuntu-security-announce@lists.ubuntu.com | |
| Subject: | [USN-7282-1] tomcat7 vulnerabilities | |
| Date: | Tue, 25 Feb 2025 01:50:25 -0500 | |
| Message-ID: | <d4f9564e-dcba-4fbb-b99a-3eadf929d489@canonical.com> |
========================================================================== Ubuntu Security Notice USN-7282-1 February 21, 2025 tomcat7 vulnerabilities ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 16.04 LTS Summary: tomcat7 could be made to execute arbitrary code. Software Description: - tomcat7: Servlet and JSP engine Details: It was discovered that Tomcat incorrectly handled being configured with HTTP PUTs enabled. A remote attacker could use this issue to upload a JSP file to the server and execute arbitrary code. Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 16.04 LTS libtomcat7-java 7.0.68-1ubuntu0.4+esm3 Available with Ubuntu Pro tomcat7 7.0.68-1ubuntu0.4+esm3 Available with Ubuntu Pro In general, a standard system update will make all the necessary changes. References: https://ubuntu.com/security/notices/USN-7282-1 CVE-2017-12616, CVE-2017-12617
Attachment: OpenPGP_signature.asc (type=application/pgp-signature)
-----BEGIN PGP SIGNATURE----- wsF5BAABCAAjFiEEKl1CaPno2Qy4/AU8lFzKVeTWQe4FAme9aDIFAwAAAAAACgkQlFzKVeTWQe6y 6w/9FEGf4b1ptyfyvBdhG4tXiErmXxQH4HiBL3VTGiP33B2G7gi09ddqZmGi1sryicxsFYzhWY0f XHjJMxD4lYTf58mWm51VhXHdDAh8qdlqkpdaeByWURQsuBUQqVSkebkaw4toDKRLwHYWFuCMJk9k W9s66je0DaIjjeZq9Lfh+zDNb+E1DR1GMiCVPgzLg0Zpb12Q6NIkVDhxDTXvp5nbrayFEpn6VrFg X0rzx96SPMF8nEMxdOV014Yg3QRoPlIBj6vke6kTeJ1C7htzrKSOgypy26zUDeLHUWLO3HDtnqOk TdD7qr4m6PmiNigNFKQNKjAeLt3w01JdujZqF5lS+13Y3ieEFv3NJgMD0x5mhC9qxc7Jmy/QQiad +9M0tq65wd4g5n3hEmnOL0QfpDblU9HxQVo1Nhi+Fpdv4rp2/ogQvCm3GJnrqzaeJ48IqxP48bR5 3j3J8X6uzQ8fpwY0Bc0t7tyx9qWV6xTbCcWTQFSB/LlA2wLuLxdGyXtMDHAqsnLd4zMeq3+iHRAC fiV60e+kr1KandjXjbKHUqPm41o1rzs7rOItxt3GOW+tYBhajaD/OZPVV4BUPPjHwv0mXGrFqSHE ZLJ0nMeEmLu89OIkVHbDNaHo+7TD4ktKnYKPq1OBzgTh5F2tKwu/e2GKj+XxrWSucJIbaEI1H8xJ DcI= =kKPe -----END PGP SIGNATURE-----
Attachment: None (type=text/plain)