[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[ MDVSA-2015:053 ] tomcat6



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

 _______________________________________________________________________

 Mandriva Linux Security Advisory                         MDVSA-2015:053
 http://www.mandriva.com/en/support/security/
 _______________________________________________________________________

 Package : tomcat6
 Date    : March 3, 2015
 Affected: Business Server 1.0
 _______________________________________________________________________

 Problem Description:

 Updated tomcat6 packages fix security vulnerabilities:
 
 Integer overflow in the parseChunkHeader function in
 java/org/apache/coyote/http11/filters/ChunkedInputFilter.java in
 Apache Tomcat before 6.0.40 and 7.x before 7.0.53 allows remote
 attackers to cause a denial of service (resource consumption) via a
 malformed chunk size in chunked transfer coding of a request during
 the streaming of data (CVE-2014-0075).
 
 java/org/apache/catalina/servlets/DefaultServlet.java in the default
 servlet in Apache Tomcat before 6.0.40 and 7.x before 7.0.53 does not
 properly restrict XSLT stylesheets, which allows remote attackers
 to bypass security-manager restrictions and read arbitrary files
 via a crafted web application that provides an XML external entity
 declaration in conjunction with an entity reference, related to an
 XML External Entity (XXE) issue (CVE-2014-0096).
 
 Integer overflow in java/org/apache/tomcat/util/buf/Ascii.java in
 Apache Tomcat before 6.0.40 and 7.x before 7.0.53, when operated
 behind a reverse proxy, allows remote attackers to conduct HTTP
 request smuggling attacks via a crafted Content-Length HTTP header
 (CVE-2014-0099).
 
 Apache Tomcat before 6.0.40 and 7.x before 7.0.54 does not properly
 constrain the class loader that accesses the XML parser used with
 an XSLT stylesheet, which allows remote attackers to read arbitrary
 files via a crafted web application that provides an XML external
 entity declaration in conjunction with an entity reference, related
 to an XML External Entity (XXE) issue, or read files associated with
 different web applications on a single Tomcat instance via a crafted
 web application (CVE-2014-0119).
 
 In Apache Tomcat 6.x before 6.0.55, it was possible to craft a
 malformed chunk as part of a chunked request that caused Tomcat to
 read part of the request body as a new request (CVE-2014-0227).
 _______________________________________________________________________

 References:

 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0075
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0096
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0099
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0119
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0227
 http://advisories.mageia.org/MGASA-2014-0268.html
 http://advisories.mageia.org/MGASA-2015-0081.html
 _______________________________________________________________________

 Updated Packages:

 Mandriva Business Server 1/X86_64:
 1e8a7ceba7befde2cc00e4692edbb2c4  mbs1/x86_64/tomcat6-6.0.43-1.mbs1.noarch.rpm
 06f517754e9d043a05a465bfbc9511d9  mbs1/x86_64/tomcat6-admin-webapps-6.0.43-1.mbs1.noarch.rpm
 12662943e4b7474eaeb884414c1542a3  mbs1/x86_64/tomcat6-docs-webapp-6.0.43-1.mbs1.noarch.rpm
 0e93126df244648f82045ef4380d4680  mbs1/x86_64/tomcat6-el-2.1-api-6.0.43-1.mbs1.noarch.rpm
 f9856715fa849af74d5a4a6893111572  mbs1/x86_64/tomcat6-javadoc-6.0.43-1.mbs1.noarch.rpm
 df7e1851bec9805d843197db0f8fda41  mbs1/x86_64/tomcat6-jsp-2.1-api-6.0.43-1.mbs1.noarch.rpm
 ed5b6f2cd6884b92613997b6dfd77cb7  mbs1/x86_64/tomcat6-lib-6.0.43-1.mbs1.noarch.rpm
 a273b8f736fd13fb066a6d7052eea925  mbs1/x86_64/tomcat6-servlet-2.5-api-6.0.43-1.mbs1.noarch.rpm
 127d1d1ecf7b6be75ac9f306f66f08fd  mbs1/x86_64/tomcat6-systemv-6.0.43-1.mbs1.noarch.rpm
 955d38f8c9dade3438dd254fe1778075  mbs1/x86_64/tomcat6-webapps-6.0.43-1.mbs1.noarch.rpm 
 816110f95d3ee2f6347c9c057695d6d0  mbs1/SRPMS/tomcat6-6.0.43-1.mbs1.src.rpm
 _______________________________________________________________________

 To upgrade automatically use MandrivaUpdate or urpmi.  The verification
 of md5 checksums and GPG signatures is performed automatically for you.

 All packages are signed by Mandriva for security.  You can obtain the
 GPG public key of the Mandriva Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

 You can view other update advisories for Mandriva Linux at:

  http://www.mandriva.com/en/support/security/advisories/

 If you want to report vulnerabilities, please contact

  security_(at)_mandriva.com
 _______________________________________________________________________

 Type Bits/KeyID     Date       User ID
 pub  1024D/22458A98 2000-07-10 Mandriva Security Team
  <security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)

iD8DBQFU9XyKmqjQ0CJFipgRAvukAKCI1DXuj5eJr1SVaNIoXhz9PUilpQCg0l4c
77X/s+2Ee3FYUp9lZWBmLRg=
=pm31
-----END PGP SIGNATURE-----