Debian alert DLA-1108-1 (tomcat7)
| From: | Markus Koschany <apo@debian.org> | |
| To: | debian-lts-announce@lists.debian.org | |
| Subject: | [SECURITY] [DLA 1108-1] tomcat7 security update | |
| Date: | Sun, 24 Sep 2017 18:53:09 +0200 | |
| Message-ID: | <5eb0df8c-01d5-8e59-8466-a6461c41ed90@debian.org> |
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Package : tomcat7 Version : 7.0.28-4+deb7u15 CVE ID : CVE-2017-12616 The Tomcat security team discovered that when using a VirtualDirContext it was possible to bypass security constraints and/or view the source code of JSPs for resources served by the VirtualDirContext using a specially crafted request. For Debian 7 "Wheezy", these problems have been fixed in version 7.0.28-4+deb7u15. We recommend that you upgrade your tomcat7 packages. Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: https://wiki.debian.org/LTS -----BEGIN PGP SIGNATURE----- iQKTBAEBCgB9FiEErPPQiO8y7e9qGoNf2a0UuVE7UeQFAlnH4vRfFIAAAAAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEFD RjNEMDg4RUYzMkVERUY2QTFBODM1RkQ5QUQxNEI5NTEzQjUxRTQACgkQ2a0UuVE7 UeQEABAArOApfAYucatdRarLXSpn7Vj9x2dhlDCsLbLoCJM5Zu6iI6rgJc20d9dx 62lC1PWIjoYMuwaOCZeHNP2BHzE5kiczHCYykHclPC7l4UyUzgXarJ3kut7IKRV/ 9EuUwSb93+vSIdfTJQ1WqQcI1nTRqvQiAljW9saYfRIpZ7xxcIFa6pFIypRf5xBd //x5BCZOAPybeOVDd5MBC/gi2G9uAlFPk2gT22yRUq4V39c0Y4LGsDNKfct6Em4k QM4raDL5ntjEBEzRS+lEwAQ2J/V1fAqcVCjgih5iEcAnzCPCAOAGNhvsTgCmnwKo 1NmOsmifA3nTB3VCK5+73aAx41IqZI/VqrISJjSz/KzlLBF2FEYlUvXMV7Dprz2r ZfgEEgBInpO2O4mDJU2bG1bzG3jEE0VbGlmm8xwk8XJuPPo1OTzjrXmjrG2FwQpR pzSEI+iHtMqfhmZ7dukJMAudBlFcr8stCPpG1/ZiWKk/gyVrdSdv+v5+cb5GvjrK eOuLAvIsMKnPAr3q4gubn8UQUjrZ0XeH7ZXENFBMsjI61d8l6q1/6gn5BSJgqu4l pX33Drke96lQ/8EqP9pEo4uRPYQRTPOUHeAHiraE/OS6uAL3gDXipQ7te1S9VKNx sDmnPN5VYKJ9RtutOQb+Nm8gdLstWx8/VX5V4WSBGGxC1MdUahg= =xFIH -----END PGP SIGNATURE-----