Updated tomcat6 packages fix multiple vulnerabilities and logging
Publication date: 17 Feb 2014
Modification date: 17 Feb 2014
Type: security
Affected Mageia releases: 3
CVE: CVE-2012-3544, CVE-2013-1571, CVE-2013-1976, CVE-2013-2067
Description
Updated tomcat6 packages fix security vulnerabilities:

It was discovered that Tomcat incorrectly handled certain requests submitted using chunked transfer encoding. A remote attacker could use this flaw to cause the Tomcat server to stop responding, resulting in a denial of service (CVE-2012-3544).

A frame injection in the Javadoc component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier; JavaFX 2.2.21 and earlier; and OpenJDK 7 allows remote attackers to affect integrity via unknown vectors related to Javadoc (CVE-2013-1571).

A flaw was found in the way the tomcat6 init script handled the tomcat6-initd.log log file. A malicious web application deployed on Tomcat could use this flaw to perform a symbolic link attack to change the ownership of an arbitrary system file to that of the tomcat user, allowing them to escalate their privileges to root (CVE-2013-1976).

It was discovered that Tomcat incorrectly handled certain authentication requests. A remote attacker could possibly use this flaw to inject a request that would get executed with a victim's credentials (CVE-2013-2067).

Note: With this update, tomcat6-initd.log has been moved from /var/log/tomcat6/ to the /var/log/ directory.
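The CVE-2013-1976 entry above describes the general hazard of an init script running as root that creates or chowns a log file inside a directory the service user can write to. The POSIX sh functions below are an added example written for this advisory page, not the Mageia tomcat6 init script or the upstream fix; the function names, the `prepare_log` interface and the owner argument are assumptions. They show the minimal defensive check such a script should perform: refuse to create or chown anything that is a symbolic link or otherwise not a regular file.

```sh
#!/bin/sh
# Added example for this advisory page (not the tomcat6 init script):
# guard a root-run log-file setup against symlink substitution in a
# directory the service user controls, the issue class of CVE-2013-1976.

# log_path_is_safe PATH
#   Returns 0 when PATH is absent or a regular file that is not a symlink,
#   1 when PATH is a symlink or any other non-regular object.
log_path_is_safe() {
    path="$1"
    # -L is true for a symlink regardless of whether its target exists.
    if [ -L "$path" ]; then
        return 1
    fi
    # An existing path that is not a regular file (directory, fifo, device)
    # is also rejected rather than chowned.
    if [ -e "$path" ] && [ ! -f "$path" ]; then
        return 1
    fi
    return 0
}

# prepare_log PATH OWNER
#   Create PATH (if missing) with restrictive permissions and give it to
#   OWNER, but only after log_path_is_safe accepts it. OWNER is whatever
#   account the service runs as (an assumed argument in this example).
prepare_log() {
    path="$1"
    owner="$2"
    if ! log_path_is_safe "$path"; then
        echo "refusing to prepare $path: not a regular file" >&2
        return 1
    fi
    if [ ! -e "$path" ]; then
        # Create the file with mode 0600 before any ownership change so a
        # short-lived world-readable file never appears.
        ( umask 077 && : > "$path" ) || return 1
    fi
    chown "$owner" "$path"
}
```

The check is still separated from the `chown` by a small window, so it narrows rather than removes the race on a writable directory; the robust remedy is the one the update itself applies, moving the log to a directory (/var/log/) that the tomcat user cannot write into, so no symlink can be planted next to it in the first place.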
References
- http://www.ubuntu.com/usn/usn-1841-1/
- https://rhn.redhat.com/errata/RHSA-2013-0869.html
- http://tomcat.apache.org/security-6.html#Fixed_in_Apache_Tomcat_6.0.39
- https://bugs.mageia.org/show_bug.cgi?id=10201
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3544
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1571
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1976
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2067
SRPMS
3/core
- tomcat6-6.0.39-1.1.mga3