Advisories » MGASA-2015-0081

Updated tomcat packages fix CVE-2014-0227

Publication date: 19 Feb 2015
Modification date: 19 Feb 2015
Type: security
Affected Mageia releases : 4
CVE: CVE-2014-0227

Description

Updated tomcat packages fix security vulnerability:

In Apache Tomcat 7.x before 7.0.55, it was possible to craft a malformed chunk
as part of a chunked request that caused Tomcat to read part of the request
body as a new request (CVE-2014-0227).
                

References

• https://bugs.mageia.org/show_bug.cgi?id=15270
• http://tomcat.apache.org/security-7.html#Fixed_in_Apache_Tomcat_7.0.55
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0227

SRPMS

4/core

• tomcat-7.0.59-1.mga4