Advisories » MGASA-2016-0260

Updated tomcat/apache-commons-fileupload packages fix security vulnerability

Publication date: 26 Jul 2016
Modification date: 26 Jul 2016
Type: security
Affected Mageia releases : 5
CVE: CVE-2016-3092

Description

The TERASOLUNA Framework Development Team discovered a denial of service
vulnerability in Apache Commons FileUpload. A remote attacker can take
advantage of this flaw by sending file upload requests that cause the HTTP
server using the Apache Commons Fileupload library to become unresponsive,
preventing the server from servicing other requests.

Tomcat contains a bundled copy of this library, so it has also been
patched to fix this issue.
                

References

• https://bugs.mageia.org/show_bug.cgi?id=18803
• http://tomcat.apache.org/security-7.html#Fixed_in_Apache_Tomcat_7.0.70
• https://www.debian.org/security/2016/dsa-3611
• https://www.debian.org/security/2016/dsa-3614
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3092

SRPMS

5/core

• tomcat-7.0.68-1.1.mga5
• apache-commons-fileupload-1.3.1-4.1.mga5