lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  PHC 
Open Source and information security mailing list archives
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Date: Thu, 11 Feb 2010 14:28:04 -0500
From: Marc Deslauriers <>
Subject: [USN-899-1] Tomcat vulnerabilities

Ubuntu Security Notice USN-899-1          February 11, 2010
tomcat6 vulnerabilities
CVE-2009-2693, CVE-2009-2901, CVE-2009-2902

A security issue affects the following Ubuntu releases:

Ubuntu 8.10
Ubuntu 9.04
Ubuntu 9.10

This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the
following package versions:

Ubuntu 8.10:
  libtomcat6-java                 6.0.18-0ubuntu3.3

Ubuntu 9.04:
  libtomcat6-java                 6.0.18-0ubuntu6.2

Ubuntu 9.10:
  libtomcat6-java                 6.0.20-2ubuntu2.1

In general, a standard system upgrade is sufficient to effect the
necessary changes.

Details follow:

It was discovered that Tomcat did not correctly validate WAR filenames or
paths when deploying. A remote attacker could send a specially crafted WAR
file to be deployed and cause arbitrary files and directories to be
created, overwritten, or deleted.

Updated packages for Ubuntu 8.10:

  Source archives:
      Size/MD5:    26616 15947847c9ba6bca5b4c7c30280c0fb8
      Size/MD5:     1379 86363fde24b72d18e84ef451312646b1
      Size/MD5:  3484249 9bdbb1c1d79302c80057a70b18fe6721

  Architecture independent packages:
      Size/MD5:   174352 069180c1a5572ce1f6fa93bcccb5d416
      Size/MD5:  2963632 cc3ccccd2a204091802013ba3ed1a14b
      Size/MD5:    37574 0338b8f2dae4792fa115d748ad6ef0c4
      Size/MD5:    53718 28ea7eeff8f52e7999e79753241b5764
      Size/MD5:   714470 0f4e4e92a9c8299c09aa701e2234a299
      Size/MD5:   419384 ee04dfb73fd622f9da2b29dabcc63062
      Size/MD5:    18856 82a444d0784a9de1792acefa4e422819
      Size/MD5:    24418 4cde466df88b81d842874504669c5ed5

Updated packages for Ubuntu 9.04:

  Source archives:
      Size/MD5:    29144 b204c293225729248eb147a84d120c05
      Size/MD5:     1412 21a10f9c437e9edffb7baae80196a3da
      Size/MD5:  3484249 9bdbb1c1d79302c80057a70b18fe6721

  Architecture independent packages:
      Size/MD5:   246472 867519558398828a41a2cfb74f59fbf8
      Size/MD5:   172726 fdf61235de74397f6cdaef0e1c75efff
      Size/MD5:  2848098 f2b6718e0e25cab22a7dd9cbf2f2d920
      Size/MD5:    38086 61d1f99bfadee394356ba09955af203f
      Size/MD5:    53422 1ba93e5960666a8c380a0091e3d0062e
      Size/MD5:   714374 0a82b6b46ba6fa3a4d2e1a22e7e802d0
      Size/MD5:   418550 4eb0f440623adab18796f907478c6ffc
      Size/MD5:    20832 ba5f382e9a3423bf32a28c7aae1af22f
      Size/MD5:    25210 09ce858a43d1d5eafc3be8c74df7f4eb

Updated packages for Ubuntu 9.10:

  Source archives:
      Size/MD5:    24200 0301e8b6886eed5acfe1135262564354
      Size/MD5:     1564 9c02cfcdbf44123e1d1f669c23256109
      Size/MD5:  3590562 44f49e7e14028b6a53c3c346bd18c72f

  Architecture independent packages:
      Size/MD5:   247082 f1b8ce2ec306f55eb10eaf3dfb554ba4
      Size/MD5:   182942 987d4d34f2a24645372d44a2132d61a4
      Size/MD5:  2914180 850bbadb3973c1cac0a5764286054a0c
      Size/MD5:    38746 069812c70cb608a1b97d51e2a22b746c
      Size/MD5:    36530 e6f95590d1998a7d9f05c87f65ddcca6
      Size/MD5:   479894 0cf8923ff34c688300b61f7e15852f05
      Size/MD5:   418982 b75582d62de99c7f610f89dc87c19814
      Size/MD5:    21602 dfb3677e4ea5df88905a30b3b9268857
      Size/MD5:    25988 b4898543c09f3f35c0b4e835a95cc11c

Download attachment "signature.asc" of type "application/pgp-signature" (199 bytes)

Powered by blists - more mailing lists