Package "libservlet2.5-java-doc"
Name: |
libservlet2.5-java-doc
|
Description: |
Servlet 2.5 and JSP 2.1 Java API documentation
|
Latest version: |
6.0.45+dfsg-1ubuntu0.2 |
Release: |
xenial (16.04) |
Level: |
updates |
Repository: |
universe |
Head package: |
tomcat6 |
Homepage: |
http://tomcat.apache.org |
Links
Download "libservlet2.5-java-doc"
Other versions of "libservlet2.5-java-doc" in Xenial
Changelog
tomcat6 (6.0.45+dfsg-1ubuntu0.2) xenial-security; urgency=medium
* SECURITY UPDATE: privilege escalation via insecure init script
- debian/tomcat6.init: don't follow symlinks when handling the
catalina.out file.
- CVE-2016-1240
-- Emilia Torino <email address hidden> Mon, 26 Oct 2020 11:52:05 -0300
|
Source diff to previous version |
CVE-2016-1240 |
The Tomcat init script in the tomcat7 package before 7.0.56-3+deb8u4 and tomcat8 package before 8.0.14-1+deb8u3 on Debian jessie and the tomcat6 and |
|
tomcat6 (6.0.45+dfsg-1ubuntu0.1) xenial-security; urgency=medium
* Merge patches from Debian.
* SECURITY UPDATE: Timing attack.
- debian/patches/CVE-2016-0762.patch: Make timing attacks against the
Realm implementations harder.
- CVE-2016-0762
* SECURITY UPDATE: SecurityManager bypass.
- debian/patches/CVE-2016-5018.patch: Remove unnecessary code.
- debian/patches/CVE-2016-5018-part2.patch: Fix regression.
- debian/patches/CVE-2016-6794.patch: Provide a mechanism that enables
the container to check if a component has been granted a given
permission when running under a SecurityManager.
- debian/patches/CVE-2016-6796.patch: Ignore some JSP options when
running under a SecurityManager.
- CVE-2016-5018
- CVE-2016-6794
- CVE-2016-6796
* SECURITY UPDATE: Limited resources bypass.
- debian/patches/CVE-2016-6797.patch: When adding and removing
ResourceLinks dynamically, ensure that the global resource is only
visible via the ResourceLinkFactory when it is meant to be.
- debian/patches/CVE-2016-6797-part2.patch: Fix regression.
- CVE-2016-6797
* SECURITY UPDATE: Data injection in HTTP requests.
- debian/patches/CVE-2016-6816.patch: Add additional checks for valid
characters to the HTTP request line parsing so invalid request lines
are rejected sooner.
- CVE-2016-6816
* SECURITY UPDATE: Remote code execution.
- debian/patches/CVE-2016-8735.patch: Explicitly configure allowed
credential types.
- CVE-2016-8735
-- Eduardo Barretto <email address hidden> Tue, 29 Sep 2020 10:08:34 -0300
|
|
About
-
Send Feedback to @ubuntu_updates