GLSA
Advocate
Joined: 12 May 2004
Posts: 2663
|
 Posted: Thu Mar 19, 2020 9:26 pm Post subject: [ GLSA 202003-43 ] Apache Tomcat |
 |
|
Gentoo Linux Security Advisory
Title: Apache Tomcat: Multiple vulnerabilities (GLSA 202003-43)
Severity: normal
Exploitable: remote
Date: 2020-03-19
Bug(s): #692402, #706208, #710656
ID: 202003-43
Synopsis
Multiple vulnerabilities have been found in Apache Tomcat, the
worst of which could lead to arbitrary code execution.
Background
Apache Tomcat is a Servlet-3.0/JSP-2.2 Container.
Affected Packages
Package: www-servers/tomcat
Vulnerable: < 8.5.51
Unaffected: >= 8.5.51 < 8.5.52
Unaffected: >= 7.0.100 < 7.0.101
Architectures: All supported architectures
Description
Multiple vulnerabilities have been discovered in Apache Tomcat. Please
review the CVE identifiers referenced below for details.
Impact
An attacker could possibly smuggle HTTP requests or execute arbitrary
code.
Workaround
There is no known workaround at this time.
Resolution
All Apache Tomcat 7.x users should upgrade to the latest version: | Code: | # emerge --sync
# emerge --ask --oneshot --verbose ">=www-servers/tomcat-7.0.100:7"
|
All Apache Tomcat 8.5.x users should upgrade to the latest version: | Code: | # emerge --sync
# emerge --ask --oneshot --verbose ">=www-servers/tomcat-8.5.51:8.5"
|
References
CVE-2019-0221
CVE-2019-12418
CVE-2019-17563
CVE-2020-1938
Last edited by GLSA on Sat Mar 21, 2020 4:17 am; edited 1 time in total |
|
News & Announcements
