Advisories » MGASA-2014-0110

Updated tomcat packages fix CVE-2014-0050

Publication date: 28 Feb 2014
Modification date: 28 Feb 2014
Type: security
Affected Mageia releases : 3 , 4
CVE: CVE-2014-0050

Description

Updated tomcat packages fix security vulnerability:

It was discovered that the Apache Commons FileUpload package for Java could
enter an infinite loop while processing a multipart request with a crafted
Content-Type, resulting in a denial-of-service condition (CVE-2014-0050).

Tomcat 7 includes an embedded copy of the Apache Commons FileUpload package,
and was affected as well.
                

References

• http://seclists.org/fulldisclosure/2014/Feb/41
• http://tomcat.apache.org/security-7.html#Fixed_in_Apache_Tomcat_7.0.52
• https://bugs.mageia.org/show_bug.cgi?id=12899
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0050

SRPMS

4/core

• tomcat-7.0.47-1.2.mga4

3/core

• tomcat-7.0.41-5.mga3