GLSA Advocate
Joined: 12 May 2004 Posts: 2663
|
Posted: Mon Dec 15, 2014 1:26 am Post subject: [ GLSA 201412-29 ] Apache Tomcat: Multiple vulnerabilities |
|
|
Gentoo Linux Security Advisory
Title: Apache Tomcat: Multiple vulnerabilities (GLSA 201412-29)
Severity: normal
Exploitable: remote
Date: December 15, 2014
Bug(s): #442014, #469434, #500600, #511762, #517630, #519590
ID: 201412-29
Synopsis
Multiple vulnerabilities have been found in Apache Tomcat, the
worst of which may result in Denial of Service.
Background
Apache Tomcat is a Servlet-3.0/JSP-2.2 Container.
Affected Packages
Package: www-servers/tomcat
Vulnerable: < 7.0.56
Unaffected: >= 7.0.56
Unaffected: >= 6.0.41 < 6.0.42
Architectures: All supported architectures
Description
Multiple vulnerabilities have been discovered in Tomcat. Please review
the CVE identifiers referenced below for details.
Impact
A remote attacker may be able to cause a Denial of Service condition as
well as obtain sensitive information, bypass protection mechanisms and
authentication restrictions.
Workaround
There is no known workaround at this time.
Resolution
All Tomcat 6.0.x users should upgrade to the latest version: Code: | # emerge --sync
# emerge --ask --oneshot --verbose ">=www-servers/tomcat-6.0.41"
| All Tomcat 7.0.x users should upgrade to the latest version: Code: | # emerge --sync
# emerge --ask --oneshot --verbose ">=www-servers/tomcat-7.0.56"
|
References
CVE-2012-2733
CVE-2012-3544
CVE-2012-3546
CVE-2012-4431
CVE-2012-4534
CVE-2012-5885
CVE-2012-5886
CVE-2012-5887
CVE-2013-2067
CVE-2013-2071
CVE-2013-4286
CVE-2013-4322
CVE-2013-4590
CVE-2014-0033
CVE-2014-0050
CVE-2014-0075
CVE-2014-0096
CVE-2014-0099
CVE-2014-0119 |
|