[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

[SECURITY] Fedora 8 Update: tomcat5-5.5.25-1jpp.1.fc8



--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2007-3474
2007-11-17 05:37:26.731155
--------------------------------------------------------------------------------

Name        : tomcat5
Product     : Fedora 8
Version     : 5.5.25
Release     : 1jpp.1.fc8
URL         : http://tomcat.apache.org
Summary     : Apache Servlet/JSP Engine, RI for Servlet 2.4/JSP 2.0 API
Description :
Tomcat is the servlet container that is used in the official Reference
Implementation for the Java Servlet and JavaServer Pages technologies.
The Java Servlet and JavaServer Pages specifications are developed by
Sun under the Java Community Process.

Tomcat is developed in an open and participatory environment and
released under the Apache Software License. Tomcat is intended to be
a collaboration of the best-of-breed developers from around the world.
We invite you to participate in this open development project. To
learn more about getting involved, click here.

--------------------------------------------------------------------------------
Update Information:

Updated Tomcat5 packages that fix several security bugs are now available for Fedora Core 8.

This update includes fixes to the following:

  * CVE-2007-1355
  * CVE-2007-3386
  * CVE-2007-3385
  * CVE-2007-3382
  * CVE-2007-2450
  * CVE-2007-2449
  * CVE-2007-5461
  * CVE-2007-1358

All users of tomcat are advised to update to these packages.
--------------------------------------------------------------------------------
ChangeLog:

* Thu Nov 15 2007 Devrim GUNDUZ <devrim commandprompt com> 0:5.5.25-1jpp.1
- Updated to 5.5.25, to fix the following issues:
  * CVE-2007-1355
  * CVE-2007-3386
  * CVE-2007-3385
  * CVE-2007-3382
  * CVE-2007-2450, RH bugzilla #244808, #244810, #244812, #363081
  * CVE-2007-2449, RH bugzilla #244810, #244812, #244804, #363081
- Applied patch(20) for RH bugzilla #333791, CVE-2007-5461 
- Applied patch(21) for RH bugzilla #244803, #244812, #363081, CVE-2007-1358
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #247994 - CVE-2007-3386 tomcat host manager xss
        https://bugzilla.redhat.com/show_bug.cgi?id=247994
  [ 2 ] Bug #247976 - CVE-2007-3385 tomcat handling of cookie values
        https://bugzilla.redhat.com/show_bug.cgi?id=247976
  [ 3 ] Bug #247972 - CVE-2007-3382 tomcat handling of cookies
        https://bugzilla.redhat.com/show_bug.cgi?id=247972
  [ 4 ] Bug #253166 - CVE-2007-1355 tomcat XSS in samples
        https://bugzilla.redhat.com/show_bug.cgi?id=253166
  [ 5 ] Bug #363081 - CVE-2007-1358 CVE-2007-2449 CVE-2007-2450 tomcat5 various flaws [F8]
        https://bugzilla.redhat.com/show_bug.cgi?id=363081
  [ 6 ] Bug #363001 - CVE-2007-5461 Absolute path traversal Apache Tomcat WEBDAV [F8]
        https://bugzilla.redhat.com/show_bug.cgi?id=363001
  [ 7 ] Bug #333791 - CVE-2007-5461 Absolute path traversal Apache Tomcat WEBDAV
        https://bugzilla.redhat.com/show_bug.cgi?id=333791
  [ 8 ] Bug #244804 - CVE-2007-2449 tomcat examples jsp XSS
        https://bugzilla.redhat.com/show_bug.cgi?id=244804
  [ 9 ] Bug #244808 - CVE-2007-2450 tomcat host manager XSS
        https://bugzilla.redhat.com/show_bug.cgi?id=244808
  [ 10 ] Bug #244803 - CVE-2007-1358 tomcat accept-language xss flaw
        https://bugzilla.redhat.com/show_bug.cgi?id=244803
--------------------------------------------------------------------------------
Updated packages:

96d8b1049bef09ad44c2937ac616bf903c291d27 tomcat5-servlet-2.4-api-javadoc-5.5.25-1jpp.1.fc8.ppc64.rpm
d3083712e97d3f936d44af57f8550d58a3ab07a0 tomcat5-jsp-2.0-api-5.5.25-1jpp.1.fc8.ppc64.rpm
e5fd0151e104dd273ef52c89954fafdebbbb2384 tomcat5-jasper-javadoc-5.5.25-1jpp.1.fc8.ppc64.rpm
6d31935aa8e4af5612fab033cfece6fb2416ca5f tomcat5-jsp-2.0-api-javadoc-5.5.25-1jpp.1.fc8.ppc64.rpm
09bfe04328eba615afec9669821dc3ec335c1d61 tomcat5-jasper-5.5.25-1jpp.1.fc8.ppc64.rpm
37b26b4701218ac16d4f922087ba02df0d7ae9d5 tomcat5-common-lib-5.5.25-1jpp.1.fc8.ppc64.rpm
cc23307dbc53bc03b91c43dc65a2bcbb8cb3998e tomcat5-debuginfo-5.5.25-1jpp.1.fc8.ppc64.rpm
b4a440f9f17c90efbf28fd61203b18b15bf3b2f6 tomcat5-servlet-2.4-api-5.5.25-1jpp.1.fc8.ppc64.rpm
67d1046901c375bc283967338379bd3d8c2a8e26 tomcat5-webapps-5.5.25-1jpp.1.fc8.ppc64.rpm
3bae1a3bafe831ecbd02361f6de96db135e1396e tomcat5-jasper-eclipse-5.5.25-1jpp.1.fc8.ppc64.rpm
950add09e07ae0f58fecd85660840bfb0fd05c44 tomcat5-admin-webapps-5.5.25-1jpp.1.fc8.ppc64.rpm
f8f88d2bd791c9f167cde6b275a2e8f82dfb1d1d tomcat5-server-lib-5.5.25-1jpp.1.fc8.ppc64.rpm
3608abf29dd77dfa75daecd1650b06bebdebaac5 tomcat5-5.5.25-1jpp.1.fc8.ppc64.rpm
f72d83152f6dae6b5a33efae0e48b1d934e8e7c1 tomcat5-jasper-eclipse-5.5.25-1jpp.1.fc8.i386.rpm
632051f5ef9baca30cdfc2cab7d1cef43369e1e9 tomcat5-debuginfo-5.5.25-1jpp.1.fc8.i386.rpm
eaf1fb9dfafd243a34e852ad4240b76f17b46f1b tomcat5-webapps-5.5.25-1jpp.1.fc8.i386.rpm
70bfb137c706df7f854763459a1d888217da0f9c tomcat5-jasper-5.5.25-1jpp.1.fc8.i386.rpm
b70defb31347db904bf4805d0dde3dc1097b6365 tomcat5-jasper-javadoc-5.5.25-1jpp.1.fc8.i386.rpm
f8f7a03c517bb52d4a0a653961d0f5d811bfb803 tomcat5-servlet-2.4-api-5.5.25-1jpp.1.fc8.i386.rpm
c5dece53531f65c669728dd5d6db0468a8ab2626 tomcat5-common-lib-5.5.25-1jpp.1.fc8.i386.rpm
45d7fc1a15a59f56ddacd7ffd5bec451943d2483 tomcat5-jsp-2.0-api-javadoc-5.5.25-1jpp.1.fc8.i386.rpm
5c8e207dcc80aea8cdc388d5902fd3f4f60feaf2 tomcat5-servlet-2.4-api-javadoc-5.5.25-1jpp.1.fc8.i386.rpm
2b4fe043dfb40347889a04ed47c70915a8794afb tomcat5-jsp-2.0-api-5.5.25-1jpp.1.fc8.i386.rpm
a87ea90c6e5927cad1c4f21c4956855175d322bc tomcat5-5.5.25-1jpp.1.fc8.i386.rpm
03dbfc1ceca5ded9c0386d9f329de2ac8faa0396 tomcat5-server-lib-5.5.25-1jpp.1.fc8.i386.rpm
426fd642d1e037e0e041881614169a1a571ec49a tomcat5-admin-webapps-5.5.25-1jpp.1.fc8.i386.rpm
f8a0a9c0cab6e856a1652cbced10a67b510f33ba tomcat5-jsp-2.0-api-5.5.25-1jpp.1.fc8.x86_64.rpm
2a4538874d1511551f7c9771b9bf6e43ae08939b tomcat5-jasper-5.5.25-1jpp.1.fc8.x86_64.rpm
c24ef7e2e35487959c609f7f2165d3baa25eb99c tomcat5-5.5.25-1jpp.1.fc8.x86_64.rpm
39fcd61cc37cb6e16633cf23e2a1b1f9fe83ba71 tomcat5-jsp-2.0-api-javadoc-5.5.25-1jpp.1.fc8.x86_64.rpm
f408131c06dff39fd2fdfb2539cea496c7692250 tomcat5-webapps-5.5.25-1jpp.1.fc8.x86_64.rpm
1e8960b8717c04f27f425e9e22c3342e6081e1fc tomcat5-jasper-javadoc-5.5.25-1jpp.1.fc8.x86_64.rpm
bd0845602fe6181f98eb306776727d985cf2436d tomcat5-common-lib-5.5.25-1jpp.1.fc8.x86_64.rpm
3c17f1bf8cf9d353d5b149e7bba8ddb22548d345 tomcat5-servlet-2.4-api-javadoc-5.5.25-1jpp.1.fc8.x86_64.rpm
01f2e61d0b7ab99de5b7161c71dc397e53581908 tomcat5-server-lib-5.5.25-1jpp.1.fc8.x86_64.rpm
2697471cf7c09208b5420cba0feef8d55a3160b4 tomcat5-jasper-eclipse-5.5.25-1jpp.1.fc8.x86_64.rpm
fe4c806167ea52ed9748963f5dfcb724c84280e2 tomcat5-debuginfo-5.5.25-1jpp.1.fc8.x86_64.rpm
d3f490f59f0567e284d9548c2334937153391fad tomcat5-admin-webapps-5.5.25-1jpp.1.fc8.x86_64.rpm
992c4f1485b189e2df6d4788c8c4314a1a668217 tomcat5-servlet-2.4-api-5.5.25-1jpp.1.fc8.x86_64.rpm
47fdbb2444809f855ebf8eb3a9228b3c6c0a57ea tomcat5-server-lib-5.5.25-1jpp.1.fc8.ppc.rpm
f4975b868d12dc1cc764416ca07cc9cb9adb7c7e tomcat5-jasper-5.5.25-1jpp.1.fc8.ppc.rpm
295b0989fc6dff54cb005e01109ac7eed0b2a7cd tomcat5-servlet-2.4-api-javadoc-5.5.25-1jpp.1.fc8.ppc.rpm
ec3479361a30d10fabc8dd4d43a4c79389373438 tomcat5-common-lib-5.5.25-1jpp.1.fc8.ppc.rpm
5e3504fbca8358b5100dad5e0ce4c78bcc363758 tomcat5-webapps-5.5.25-1jpp.1.fc8.ppc.rpm
11360d6a8aeea2166831fe63018006f06f5dcd01 tomcat5-debuginfo-5.5.25-1jpp.1.fc8.ppc.rpm
60d66fc8b1340397a4a699be9e044f239a1283cf tomcat5-jasper-eclipse-5.5.25-1jpp.1.fc8.ppc.rpm
5cb3213a1538d3f7f7f37ba07247f0120e1f8028 tomcat5-jsp-2.0-api-5.5.25-1jpp.1.fc8.ppc.rpm
c1288fcc36c2fbddba0c46b1a7c65e4919418e48 tomcat5-admin-webapps-5.5.25-1jpp.1.fc8.ppc.rpm
c5f23e5ae2f76e65cecee0d1876302e5cc371aca tomcat5-jasper-javadoc-5.5.25-1jpp.1.fc8.ppc.rpm
31bb3d132ec1085df67798f801ae8babfc96bf28 tomcat5-5.5.25-1jpp.1.fc8.ppc.rpm
4fce5fc06204ecceab77813f6d0338163bccdf4d tomcat5-jsp-2.0-api-javadoc-5.5.25-1jpp.1.fc8.ppc.rpm
2e327e4ca539258afaf24a039a5560da9549a2bc tomcat5-servlet-2.4-api-5.5.25-1jpp.1.fc8.ppc.rpm
8f00369dd0fcdbb1021814957a03a66f9a44af2a tomcat5-5.5.25-1jpp.1.fc8.src.rpm

This update can be installed with the "yum" update program.  Use 
su -c 'yum update tomcat5' 
at the command line.  For more information, refer to "Managing Software
with yum", available at http://docs.fedoraproject.org/yum/.
--------------------------------------------------------------------------------


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]