Advisories ยป MGASA-2014-0110

Updated tomcat packages fix CVE-2014-0050

Publication date: 28 Feb 2014
Modification date: 28 Feb 2014
Type: security
Affected Mageia releases : 3 , 4
CVE: CVE-2014-0050

Description

Updated tomcat packages fix security vulnerability:

It was discovered that the Apache Commons FileUpload package for Java could
enter an infinite loop while processing a multipart request with a crafted
Content-Type, resulting in a denial-of-service condition (CVE-2014-0050).

Tomcat 7 includes an embedded copy of the Apache Commons FileUpload package,
and was affected as well.
                

References

SRPMS

4/core

3/core