lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list] 
Date: Wed, 22 Feb 2017 16:14:53 +0000
From: Salvatore Bonaccorso <carnil@...ian.org>
To: bugtraq@...urityfocus.com
Subject: [SECURITY] [DSA 3788-2] tomcat8 regression update

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3788-2                   security@...ian.org
https://www.debian.org/security/                     Salvatore Bonaccorso
February 22, 2017                     https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : tomcat8

The update for tomcat8 issued as DSA-3788-1 caused that the server could
return HTTP 400 errors under certain circumstances. Updated packages are
now available to correct this issue. For reference, the original
advisory text follows.

It was discovered that a programming error in the processing of HTTPS
requests in the Apache Tomcat servlet and JSP engine may result in
denial of service via an infinite loop.

For the stable distribution (jessie), this problem has been fixed in
version 8.0.14-1+deb8u8.

We recommend that you upgrade your tomcat8 packages.

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: debian-security-announce@...ts.debian.org
-----BEGIN PGP SIGNATURE-----

iQKTBAEBCgB9FiEERkRAmAjBceBVMd3uBUy48xNDz0QFAlituMpfFIAAAAAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDQ2
NDQ0MDk4MDhDMTcxRTA1NTMxRERFRTA1NENCOEYzMTM0M0NGNDQACgkQBUy48xND
z0TR/Q/9GYULVLaN17mQJPJsXN0AVMwPY9uVPuipWIILxEorzRh4+ikHt7RXSxXJ
1rdrX8KsAcrkPRe4GwxRJT3T4h3COu4LluAnuauw1wp7D6ANPm3A+v+6YJxSPMQD
sMNj7olu+jVIols0lLmWoNWQgAxEJ4OFxrny4KNP1MDbrlf5UjYA1frIK0JcXdxt
t+fR5imTfbqHAhuESyLm7YmIzCsLlCroFWaeuauZTQqM6p4+LzCpGRYA3BoU6X4S
SnZ14o6S/E5JFEn9qVZQ5usS0VHFZRFRtq5txuzaKM6u1NyswPFwE5LrO26IyIa2
kCRg6pJ+cwe/jrlBSJ67UPRXZNljMB6hvZD14FqcFdb+QifVDlKrQHOKxKi7SYSV
Lksi5QuUa9bzHgYAok7PdcXoKqKbrJP1U8dj8bvDIVxBqxaX7H2aGjlu357ESVSs
DVab7ETfCtsLy1/P66hFMVjoWWZPswAwNUr0XK8J9zCd6ARUEARZ4XrlXuk0A8vN
5Z5ubeWPx0mmAqA4VO9YNELkboWAgZheI9JE9BfepBPRwggCarFn51COcQrMl8Z7
e9XTZblwbadiUj0NCZgWdklWU3BVgiUJpFY1exp1tgAid4jp6rWVcDq3/DVwaUKV
nepkUYnVxEtsLSHH+P90I8JdwM+GFxX1F+K5YaaCIQfJCNxhu4g=
=S0Vn
-----END PGP SIGNATURE-----

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ