Package "libtomcat9-java"
Name: libtomcat9-java
Description: Apache Tomcat 9 - Servlet and JSP engine -- core libraries
Latest version: 9.0.31-1ubuntu0.8
Release: focal (20.04)
Level: security
Repository: universe
Head package: tomcat9
Homepage: http://tomcat.apache.org
Changelog
tomcat9 (9.0.31-1ubuntu0.1) focal-security; urgency=medium

  * SECURITY UPDATE: HTTP/2 Denial of Service
    - debian/patches/CVE-2020-13934.patch: ensure that the HTTP/1.1
      processor is correctly recycled when a direct connection to h2c is
      made
    - CVE-2020-13934
  * SECURITY UPDATE: WebSocket Denial of Service
    - debian/patches/CVE-2020-13935.patch: add additional validation of
      payload length for WebSocket messages
    - CVE-2020-13935
  * SECURITY UPDATE: HTTP/2 Denial of Service
    - debian/patches/CVE-2020-11996.patch: improve performance of closing
      idle HTTP/2 streams
    - CVE-2020-11996
  * SECURITY UPDATE: remote code execution via session persistence
    - debian/patches/CVE-2020-9484.patch: improve validation of storage
      location when using FileStore
    - CVE-2020-9484

 -- Emilia Torino <email address hidden>  Tue, 20 Oct 2020 09:27:39 -0300

CVE-2020-13934
An h2c direct connection to Apache Tomcat 10.0.0-M1 to 10.0.0-M6, 9.0.0.M5 to 9.0.36 and 8.5.1 to 8.5.56 did not release the HTTP/1.1 processor after

CVE-2020-13935
The payload length in a WebSocket frame was not correctly validated in Apache Tomcat 10.0.0-M1 to 10.0.0-M6, 9.0.0.M1 to 9.0.36, 8.5.0 to 8.5.56 and

CVE-2020-11996
A specially crafted sequence of HTTP/2 requests sent to Apache Tomcat 10.0.0-M1 to 10.0.0-M5, 9.0.0.M1 to 9.0.35 and 8.5.0 to 8.5.55 could trigger hi

CVE-2020-9484
When using Apache Tomcat versions 10.0.0-M1 to 10.0.0-M4, 9.0.0.M1 to 9.0.34, 8.5.0 to 8.5.54 and 7.0.0 to 7.0.103 if a) an attacker is able to contr