Updated tomcat packages fix CVE-2014-0050
Publication date: 28 Feb 2014Modification date: 28 Feb 2014
Type: security
Affected Mageia releases : 3 , 4
CVE: CVE-2014-0050
Description
Updated tomcat packages fix security vulnerability: It was discovered that the Apache Commons FileUpload package for Java could enter an infinite loop while processing a multipart request with a crafted Content-Type, resulting in a denial-of-service condition (CVE-2014-0050). Tomcat 7 includes an embedded copy of the Apache Commons FileUpload package, and was affected as well.
References
SRPMS
4/core
- tomcat-7.0.47-1.2.mga4
3/core
- tomcat-7.0.41-5.mga3