Debian-LTS alert DLA-746-1 (tomcat6)
| From: | Markus Koschany <apo@debian.org> | |
| To: | debian-lts-announce@lists.debian.org | |
| Subject: | [SECURITY] [DLA 746-1] tomcat6 security update | |
| Date: | Fri, 16 Dec 2016 20:29:10 +0100 | |
| Message-ID: | <222c0a90-fa93-c4c4-5b29-d79a17e05f2d@debian.org> |
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Package : tomcat6 Version : 6.0.45+dfsg-1~deb7u4 CVE ID : CVE-2016-9774 Debian Bug : 845393 845425 846298 Paul Szabo discovered a potential privilege escalation that could be exploited in the situation envisaged in DLA-622-1. This update also addresses two regressions which were introduced by the fixes for CVE-2016-5018 (when running Jasper with SecurityManager enabled) and CVE-2016-6797. For Debian 7 "Wheezy", these problems have been fixed in version 6.0.45+dfsg-1~deb7u4. We recommend that you upgrade your tomcat6 packages. Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: https://wiki.debian.org/LTS -----BEGIN PGP SIGNATURE----- iQKTBAEBCgB9FiEErPPQiO8y7e9qGoNf2a0UuVE7UeQFAlhUQIZfFIAAAAAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEFD RjNEMDg4RUYzMkVERUY2QTFBODM1RkQ5QUQxNEI5NTEzQjUxRTQACgkQ2a0UuVE7 UeQEnA//fSDb9FWpjy2PHA1Y1lpZF9OaeZqtkjTkAjKo+jhsO6sb6LkgYLdJQou2 mXKB/B/uf3eMi7aHrTrqzf1aFumzomjg2Qs98KRA7Hsn8LOAy52itTS1xGKkDrre PCHHU0KjTJUR3E/RAoVsKiANqOoALVYWKJEaBtRIqtlKxONlhpEmcoPjf/w/KBtM DfUKh6uGNBJVMS+q6NMeeEXVhrdxE8YSWPou5FBzP6mS0o1qdS/10xSqC3P+aRbl pTFTNG2pENYHxXMFJfrlfQOjHdFFEaZLXmOomTpDwDHhkPCL6ocxuz4EeX7MNMzS ffdxAsIOsPORdly8P0L3ob03+GZRT87n35yrtYAKz3CvieOiBMSH0vt6+sb/kl94 sqGFtgdwSsZUp/S9Ie2nrJyViTTKus9cIw0+jKX0iODjsJmBctl1++l0l7Mq0l9F htNiDU6B/EhHuiJCScpPKwAYQdYlz9HzBtGt+uGKmV7JoKjd8oIPBSvRBB6d6iem GKlFiymrY0yn9Hn9VGLyNIKrDSKIIt4bkE+r4cAaVrv3AZ4RMziASng+aEmG5KBk 21YF2N4YTRwtCmeZmncrZi4MAAwBwQbaQOueTEq3QCIs5quZxw3yA9gavYQ2HJbP fdwP4Y49N0gAEWIytnDS95572lMYjBjAdWdtEGQHrFoyZPRCoTY= =qtaC -----END PGP SIGNATURE-----