Debian alert DLA-3707-1 (tomcat9)
From: rouca@debian.org
To: <debian-lts-announce@lists.debian.org>
Subject: [SECURITY] [DLA 3707-1] tomcat9 security update
Date: Fri, 05 Jan 2024 09:40:41 +0000
Message-ID: <242e34cf0d97e9eb3af84693877a3cbd.rouca@debian.org>

-------------------------------------------------------------------------
Debian LTS Advisory DLA-3707-1                debian-lts@lists.debian.org
https://www.debian.org/lts/security/                    Bastien Roucariès
January 05, 2024                              https://wiki.debian.org/LTS
-------------------------------------------------------------------------

Package        : tomcat9
Version        : 9.0.31-1~deb10u11
CVE ID         : CVE-2023-46589
Debian Bug     : 1057082

Apache Tomcat 9, a Servlet and JSP engine, was vulnerable.

An Improper Input Validation vulnerability was present: Tomcat did not
correctly parse HTTP trailer headers. A trailer header that exceeded the
header size limit could cause Tomcat to treat a single request as multiple
requests, leading to the possibility of request smuggling when behind a
reverse proxy.

For Debian 10 buster, this problem has been fixed in version
9.0.31-1~deb10u11.

We recommend that you upgrade your tomcat9 packages.

For the detailed security status of tomcat9 please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/tomcat9

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS