Ubuntu 899-1: Tomcat vulnerabilities

==========================================================Ubuntu Security Notice USN-899-1          February 11, 2010
tomcat6 vulnerabilities
CVE-2009-2693, CVE-2009-2901, CVE-2009-2902
==========================================================
A security issue affects the following Ubuntu releases:

Ubuntu 8.10
Ubuntu 9.04
Ubuntu 9.10

This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the
following package versions:

Ubuntu 8.10:
  libtomcat6-java                 6.0.18-0ubuntu3.3

Ubuntu 9.04:
  libtomcat6-java                 6.0.18-0ubuntu6.2

Ubuntu 9.10:
  libtomcat6-java                 6.0.20-2ubuntu2.1

In general, a standard system upgrade is sufficient to effect the
necessary changes.

Details follow:

It was discovered that Tomcat did not correctly validate WAR filenames or
paths when deploying. A remote attacker could send a specially crafted WAR
file to be deployed and cause arbitrary files and directories to be
created, overwritten, or deleted.


Updated packages for Ubuntu 8.10:

  Source archives:

          Size/MD5:    26616 15947847c9ba6bca5b4c7c30280c0fb8
          Size/MD5:     1379 86363fde24b72d18e84ef451312646b1
          Size/MD5:  3484249 9bdbb1c1d79302c80057a70b18fe6721

  Architecture independent packages:

          Size/MD5:   174352 069180c1a5572ce1f6fa93bcccb5d416
          Size/MD5:  2963632 cc3ccccd2a204091802013ba3ed1a14b
          Size/MD5:    37574 0338b8f2dae4792fa115d748ad6ef0c4
          Size/MD5:    53718 28ea7eeff8f52e7999e79753241b5764
          Size/MD5:   714470 0f4e4e92a9c8299c09aa701e2234a299
          Size/MD5:   419384 ee04dfb73fd622f9da2b29dabcc63062
          Size/MD5:    18856 82a444d0784a9de1792acefa4e422819
          Size/MD5:    24418 4cde466df88b81d842874504669c5ed5

Updated packages for Ubuntu 9.04:

  Source archives:

          Size/MD5:    29144 b204c293225729248eb147a84d120c05
          Size/MD5:     1412 21a10f9c437e9edffb7baae80196a3da
          Size/MD5:  3484249 9bdbb1c1d79302c80057a70b18fe6721

  Architecture independent packages:

          Size/MD5:   246472 867519558398828a41a2cfb74f59fbf8
          Size/MD5:   172726 fdf61235de74397f6cdaef0e1c75efff
          Size/MD5:  2848098 f2b6718e0e25cab22a7dd9cbf2f2d920
          Size/MD5:    38086 61d1f99bfadee394356ba09955af203f
          Size/MD5:    53422 1ba93e5960666a8c380a0091e3d0062e
          Size/MD5:   714374 0a82b6b46ba6fa3a4d2e1a22e7e802d0
          Size/MD5:   418550 4eb0f440623adab18796f907478c6ffc
          Size/MD5:    20832 ba5f382e9a3423bf32a28c7aae1af22f
          Size/MD5:    25210 09ce858a43d1d5eafc3be8c74df7f4eb

Updated packages for Ubuntu 9.10:

  Source archives:

          Size/MD5:    24200 0301e8b6886eed5acfe1135262564354
          Size/MD5:     1564 9c02cfcdbf44123e1d1f669c23256109
          Size/MD5:  3590562 44f49e7e14028b6a53c3c346bd18c72f

  Architecture independent packages:

          Size/MD5:   247082 f1b8ce2ec306f55eb10eaf3dfb554ba4
          Size/MD5:   182942 987d4d34f2a24645372d44a2132d61a4
          Size/MD5:  2914180 850bbadb3973c1cac0a5764286054a0c
          Size/MD5:    38746 069812c70cb608a1b97d51e2a22b746c
          Size/MD5:    36530 e6f95590d1998a7d9f05c87f65ddcca6
          Size/MD5:   479894 0cf8923ff34c688300b61f7e15852f05
          Size/MD5:   418982 b75582d62de99c7f610f89dc87c19814
          Size/MD5:    21602 dfb3677e4ea5df88905a30b3b9268857
          Size/MD5:    25988 b4898543c09f3f35c0b4e835a95cc11c
Get the Latest News & Insights
Ubuntu 899-1: Tomcat vulnerabilities

Summary

Update Instructions

References

Package Information

Related News

Get the Latest News & Insights

News

Advisories

HOWTOs

Features

About Us

Powered By
