Package "libtomcat7-java"
Name: libtomcat7-java
Description: Servlet and JSP engine -- core libraries
Latest version: 7.0.26-1ubuntu1.2
Release: precise (12.04)
Level: security
Repository: universe
Head package: tomcat7
Homepage: http://tomcat.apache.org
Changelog
tomcat7 (7.0.26-1ubuntu1.2) precise-security; urgency=low

  [Christian Kuersteiner]
  * SECURITY UPDATE: Fix multiple vulnerabilities in Tomcat7
    (LP: #1115053)
    - debian/patches/0013-CVE-2012-2733.patch: Fix for Apache Tomcat Denial of
      Service. Based on upstream patch.
    - CVE-2012-2733
    - debian/patches/0014-CVE-2012-3546.patch: Fix for bypass of security
      constraints. Based on upstream patch.
    - CVE-2012-3546
    - debian/patches/0015-CVE-2012-4431.patch: Fix for bypass of CSRF prevention
      filter. Based on upstream patch.
    - CVE-2012-4431
    - debian/patches/0016-CVE-2012-4534.patch: Fix for CVE-2012-4534 Denial of
      Service Vulnerability. Based on upstream patch.
    - CVE-2012-4534
    - debian/patches/CVE-2012-3439.patch: Fix for DIGEST authentication
      weaknesses. Based on upstream patch.
    - CVE-2012-3439, CVE-2012-5885, CVE-2012-5886, 2012-5887

  [ Jamie Strandboge ]
  * allow for easily running the testsuite:
    - debian/control: add testsuite build-depends
    - debian/rules:
      + add 'testsuite' target
      + add ANT_TS_ARGS for use in the testsuite target
      + cleanup the testsuite
    - add debian/README.source for information on how to use the testsuite

 -- Christian Kuersteiner <email address hidden> Tue, 19 Mar 2013 14:48:19 +0100

LP #1115053: Multiple open vulnerabilities in tomcat7 in 12.04 and 11.10
CVE-2012-2733: java/org/apache/coyote/http11/InternalNioInputBuffer.java in the HTTP NIO connector in Apache Tomcat 6.x before 6.0.36 and 7.x before 7.0.28 does not
CVE-2012-3546: org/apache/catalina/realm/RealmBase.java in Apache Tomcat 6.x before 6.0.36 and 7.x before 7.0.30, when FORM authentication is used, allows remote at
CVE-2012-4431: org/apache/catalina/filters/CsrfPreventionFilter.java in Apache Tomcat 6.x before 6.0.36 and 7.x before 7.0.32 allows remote attackers to bypass the
CVE-2012-4534: org/apache/tomcat/util/net/NioEndpoint.java in Apache Tomcat 6.x before 6.0.36 and 7.x before 7.0.28, when the NIO connector is used in conjunction w
CVE-2012-3439: ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2012-5885, CVE-2012-5886, CVE-2012-5887. Reason: This candidate is a duplicate of C
CVE-2012-5885: The replay-countermeasure functionality in the HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.36, 6.x before 6.0.
CVE-2012-5886: The HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.36, 6.x before 6.0.36, and 7.x before 7.0.30 caches informatio