
Fedora alert FEDORA-2008-7977 (tomcat6)

From:  updates@fedoraproject.org
To:  fedora-package-announce@redhat.com
Subject:  [SECURITY] Fedora 9 Update: tomcat6-6.0.18-1.1.fc9
Date:  Thu, 11 Sep 2008 17:17:43 +0000
Message-ID:  <20080911171743.A50D42E031E@bastion.fedora.phx.redhat.com>

--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2008-7977
2008-09-11 11:07:09
--------------------------------------------------------------------------------

Name        : tomcat6
Product     : Fedora 9
Version     : 6.0.18
Release     : 1.1.fc9
URL         : http://tomcat.apache.org/
Summary     : Apache Servlet/JSP Engine, RI for Servlet 2.5/JSP 2.1 API
Description :
Tomcat is the servlet container that is used in the official Reference
Implementation for the Java Servlet and JavaServer Pages technologies.
The Java Servlet and JavaServer Pages specifications are developed by
Sun under the Java Community Process.

Tomcat is developed in an open and participatory environment and
released under the Apache Software License version 2.0. Tomcat is intended
to be a collaboration of the best-of-breed developers from around the world.

--------------------------------------------------------------------------------
Update Information:

This release fixes several security-related issues. In addition, this
release fixes several user-reported problems related to the startup
scripts and file layout.
--------------------------------------------------------------------------------
ChangeLog:

* Tue Aug 26 2008 David Walluck <dwalluck@redhat.com> 0:6.0.18-1.1
- 6.0.18
- Resolves: CVE-2008-1232, CVE-2008-1947, CVE-2008-2370, CVE-2008-2938
- fix definition of java.security.policy with d%{name} start-security
- don't pass $CATALINA_OPTS with d%{name} stop
- redefine tempdir and workdir for tmpwatch workaround
- change eclipse-ecj references to ecj
* Thu Jul 10 2008 Tom "spot" Callaway <tcallawa@redhat.com> - 0:6.0.16-1.8
- drop repotag
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #456120 - CVE-2008-2938 tomcat Unicode directory traversal vulnerability
        https://bugzilla.redhat.com/show_bug.cgi?id=456120
  [ 2 ] Bug #457934 - CVE-2008-2370 tomcat RequestDispatcher information disclosure vulnerability
        https://bugzilla.redhat.com/show_bug.cgi?id=457934
  [ 3 ] Bug #446393 - CVE-2008-1947 Tomcat host manager xss - name field
        https://bugzilla.redhat.com/show_bug.cgi?id=446393
  [ 4 ] Bug #457597 - CVE-2008-1232 tomcat: Cross-Site-Scripting enabled by sendError call
        https://bugzilla.redhat.com/show_bug.cgi?id=457597
--------------------------------------------------------------------------------

This update can be installed with the "yum" update program. Use
su -c 'yum update tomcat6'
at the command line. For more information, refer to "Managing Software
with yum", available at http://docs.fedoraproject.org/yum/.

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
http://fedoraproject.org/keys
--------------------------------------------------------------------------------

_______________________________________________
Fedora-package-announce mailing list
Fedora-package-announce@redhat.com
http://www.redhat.com/mailman/listinfo/fedora-package-ann...

