lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Date: Fri, 16 Jan 2009 23:50:01 -0700
From: security@...driva.com
To: bugtraq@...urityfocus.com
Subject: [ MDVSA-2009:018 ] tomcat5


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

 _______________________________________________________________________

 Mandriva Linux Security Advisory                         MDVSA-2009:018
 http://www.mandriva.com/security/
 _______________________________________________________________________

 Package : tomcat5
 Date    : January 16, 2009
 Affected: 2008.1
 _______________________________________________________________________

 Problem Description:

 Apache Tomcat does not properly handle certain characters in a cookie
 value, which could possibly lead to the leak of sensitive information
 such as session IDs (CVE-2007-5333).
 
 The updated packages have been patched to prevent this issue.
 _______________________________________________________________________

 References:

 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5333
 _______________________________________________________________________

 Updated Packages:

 Mandriva Linux 2008.1:
 990a9d6ffae7be5841f9a9073be4d0af  2008.1/i586/tomcat5-5.5.25-1.2.1.2mdv2008.1.i586.rpm
 223876925f17ef248c6ff17d4accb563  2008.1/i586/tomcat5-admin-webapps-5.5.25-1.2.1.2mdv2008.1.i586.rpm
 7436c767a849437fd50b7e79d1666097  2008.1/i586/tomcat5-common-lib-5.5.25-1.2.1.2mdv2008.1.i586.rpm
 7cd33808c56ceb9ddeab3d319a372114  2008.1/i586/tomcat5-jasper-5.5.25-1.2.1.2mdv2008.1.i586.rpm
 2e7f6a381670859429d071857f090fbe  2008.1/i586/tomcat5-jasper-eclipse-5.5.25-1.2.1.2mdv2008.1.i586.rpm
 3cc0b00b623ddaf17f139a21f10db64d  2008.1/i586/tomcat5-jasper-javadoc-5.5.25-1.2.1.2mdv2008.1.i586.rpm
 e872e87d9b621ba00bf08ce6ffd97834  2008.1/i586/tomcat5-jsp-2.0-api-5.5.25-1.2.1.2mdv2008.1.i586.rpm
 bf4dee3baeb2250edb0bcd6cd0f9d230  2008.1/i586/tomcat5-jsp-2.0-api-javadoc-5.5.25-1.2.1.2mdv2008.1.i586.rpm
 3355b29e70c1c9bcebcd682b65223d5f  2008.1/i586/tomcat5-server-lib-5.5.25-1.2.1.2mdv2008.1.i586.rpm
 b80984a00d8d52d56fe2a151254bb131  2008.1/i586/tomcat5-servlet-2.4-api-5.5.25-1.2.1.2mdv2008.1.i586.rpm
 2dfd81094518a497ede031ee151ef970  2008.1/i586/tomcat5-servlet-2.4-api-javadoc-5.5.25-1.2.1.2mdv2008.1.i586.rpm
 8c44749cd7df3d596fd5873a4cd34666  2008.1/i586/tomcat5-webapps-5.5.25-1.2.1.2mdv2008.1.i586.rpm 
 0f53b8347922bd4df159fb7fe7685c4d  2008.1/SRPMS/tomcat5-5.5.25-1.2.1.2mdv2008.1.src.rpm

 Mandriva Linux 2008.1/X86_64:
 487e4d61d35d204ed3a6434153a41770  2008.1/x86_64/tomcat5-5.5.25-1.2.1.2mdv2008.1.x86_64.rpm
 cc1781c4ae7c9dac71866572fe48b771  2008.1/x86_64/tomcat5-admin-webapps-5.5.25-1.2.1.2mdv2008.1.x86_64.rpm
 b9835f802b0827a34fc99e4e959074b5  2008.1/x86_64/tomcat5-common-lib-5.5.25-1.2.1.2mdv2008.1.x86_64.rpm
 77d7e197b3ababc702bddf17d9442c45  2008.1/x86_64/tomcat5-jasper-5.5.25-1.2.1.2mdv2008.1.x86_64.rpm
 6cc1549ac8610acb83678eb2323b7525  2008.1/x86_64/tomcat5-jasper-eclipse-5.5.25-1.2.1.2mdv2008.1.x86_64.rpm
 082baa5fdbb552b7c519008cabeaf514  2008.1/x86_64/tomcat5-jasper-javadoc-5.5.25-1.2.1.2mdv2008.1.x86_64.rpm
 4637956ec02229c867448f3e5b026368  2008.1/x86_64/tomcat5-jsp-2.0-api-5.5.25-1.2.1.2mdv2008.1.x86_64.rpm
 0a6062f4039d2f76ae89911bb2ab5ac6  2008.1/x86_64/tomcat5-jsp-2.0-api-javadoc-5.5.25-1.2.1.2mdv2008.1.x86_64.rpm
 e70ddb331223b12255ea321b2c12de5b  2008.1/x86_64/tomcat5-server-lib-5.5.25-1.2.1.2mdv2008.1.x86_64.rpm
 d839046008950ac06d63b9b5389a2e36  2008.1/x86_64/tomcat5-servlet-2.4-api-5.5.25-1.2.1.2mdv2008.1.x86_64.rpm
 56cc4c6e421e81091e103d2d02bcdbc5  2008.1/x86_64/tomcat5-servlet-2.4-api-javadoc-5.5.25-1.2.1.2mdv2008.1.x86_64.rpm
 6a18fb4936f918294641fa63538aba13  2008.1/x86_64/tomcat5-webapps-5.5.25-1.2.1.2mdv2008.1.x86_64.rpm 
 0f53b8347922bd4df159fb7fe7685c4d  2008.1/SRPMS/tomcat5-5.5.25-1.2.1.2mdv2008.1.src.rpm
 _______________________________________________________________________

 To upgrade automatically use MandrivaUpdate or urpmi.  The verification
 of md5 checksums and GPG signatures is performed automatically for you.

 All packages are signed by Mandriva for security.  You can obtain the
 GPG public key of the Mandriva Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

 You can view other update advisories for Mandriva Linux at:

  http://www.mandriva.com/security/advisories

 If you want to report vulnerabilities, please contact

  security_(at)_mandriva.com
 _______________________________________________________________________

 Type Bits/KeyID     Date       User ID
 pub  1024D/22458A98 2000-07-10 Mandriva Security Team
  <security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)

iD8DBQFJcVTHmqjQ0CJFipgRAknjAKCSGgcsqoNNTVfD86Nv6UiCWNCXbQCgtDhf
47C6LJ/xIxXv1SoqzvX9ghM=
=17kr
-----END PGP SIGNATURE-----

Powered by blists - more mailing lists