Home page logo
/

fulldisclosure logo Full Disclosure mailing list archives

[USN-1097-1] Tomcat vulnerabilities
From: Marc Deslauriers <marc.deslauriers () canonical com>
Date: Tue, 29 Mar 2011 13:50:27 -0400

===========================================================
Ubuntu Security Notice USN-1097-1            March 29, 2011
tomcat6 vulnerabilities
CVE-2010-3718, CVE-2011-0013, CVE-2011-0534
===========================================================

A security issue affects the following Ubuntu releases:

Ubuntu 9.10
Ubuntu 10.04 LTS
Ubuntu 10.10

This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the
following package versions:

Ubuntu 9.10:
  libtomcat6-java                 6.0.20-2ubuntu2.4
  tomcat6-admin                   6.0.20-2ubuntu2.4

Ubuntu 10.04 LTS:
  libtomcat6-java                 6.0.24-2ubuntu1.7
  tomcat6-admin                   6.0.24-2ubuntu1.7

Ubuntu 10.10:
  libtomcat6-java                 6.0.28-2ubuntu1.2
  tomcat6-admin                   6.0.28-2ubuntu1.2

In general, a standard system update will make all the necessary changes.

Details follow:

It was discovered that the Tomcat SecurityManager did not properly restrict
the working directory. An attacker could use this flaw to read or write
files outside of the intended working directory. (CVE-2010-3718)

It was discovered that Tomcat did not properly escape certain parameters in
the Manager application which could result in browsers becoming vulnerable
to cross-site scripting attacks when processing the output. With cross-site
scripting vulnerabilities, if a user were tricked into viewing server
output during a crafted server request, a remote attacker could exploit
this to modify the contents, or steal confidential data (such as
passwords), within the same domain. (CVE-2011-0013)

It was discovered that Tomcat incorrectly enforced the maxHttpHeaderSize
limit in certain configurations. A remote attacker could use this flaw to
cause Tomcat to consume all available memory, resulting in a denial of
service. (CVE-2011-0534)


Updated packages for Ubuntu 9.10:

  Source archives:

    http://security.ubuntu.com/ubuntu/pool/main/t/tomcat6/tomcat6_6.0.20-2ubuntu2.4.diff.gz
      Size/MD5:    30146 368440fa70bc0db3761dabf5f2709dda
    http://security.ubuntu.com/ubuntu/pool/main/t/tomcat6/tomcat6_6.0.20-2ubuntu2.4.dsc
      Size/MD5:     2199 24aa6255ebff7bd1eb07dfa60724e814
    http://security.ubuntu.com/ubuntu/pool/main/t/tomcat6/tomcat6_6.0.20.orig.tar.gz
      Size/MD5:  3590562 44f49e7e14028b6a53c3c346bd18c72f

  Architecture independent packages:

    http://security.ubuntu.com/ubuntu/pool/main/t/tomcat6/libservlet2.5-java-doc_6.0.20-2ubuntu2.4_all.deb
      Size/MD5:   247668 768a68b87440f30367d7411d0577d165
    http://security.ubuntu.com/ubuntu/pool/main/t/tomcat6/libservlet2.5-java_6.0.20-2ubuntu2.4_all.deb
      Size/MD5:   183426 ed8f02b43e199f809f41fae880766e87
    http://security.ubuntu.com/ubuntu/pool/main/t/tomcat6/libtomcat6-java_6.0.20-2ubuntu2.4_all.deb
      Size/MD5:  2915040 4a12a41f6d19bd3b6ed60689ead5d006
    http://security.ubuntu.com/ubuntu/pool/main/t/tomcat6/tomcat6-admin_6.0.20-2ubuntu2.4_all.deb
      Size/MD5:    39302 c03eff75d4c4ae56b31f93665851a13a
    http://security.ubuntu.com/ubuntu/pool/main/t/tomcat6/tomcat6-common_6.0.20-2ubuntu2.4_all.deb
      Size/MD5:    37028 5ecbb0f812963199b14d75f122f6e6f1
    http://security.ubuntu.com/ubuntu/pool/main/t/tomcat6/tomcat6-docs_6.0.20-2ubuntu2.4_all.deb
      Size/MD5:   480530 f6b5cef256b51db43e6312aed3036bf6
    http://security.ubuntu.com/ubuntu/pool/main/t/tomcat6/tomcat6-examples_6.0.20-2ubuntu2.4_all.deb
      Size/MD5:   419566 dbc1ceb31ccbd312b3b6e33bd1a852a2
    http://security.ubuntu.com/ubuntu/pool/main/t/tomcat6/tomcat6-user_6.0.20-2ubuntu2.4_all.deb
      Size/MD5:    22166 68229ede69d18279fb42e8860b85dcb4
    http://security.ubuntu.com/ubuntu/pool/main/t/tomcat6/tomcat6_6.0.20-2ubuntu2.4_all.deb
      Size/MD5:    26564 e476efe024c88de1af97d90e741f6861

Updated packages for Ubuntu 10.04 LTS:

  Source archives:

    http://security.ubuntu.com/ubuntu/pool/main/t/tomcat6/tomcat6_6.0.24-2ubuntu1.7.debian.tar.gz
      Size/MD5:    36286 14073ec9f0672f44cc6a32235e81c29d
    http://security.ubuntu.com/ubuntu/pool/main/t/tomcat6/tomcat6_6.0.24-2ubuntu1.7.dsc
      Size/MD5:     2405 6b7d220adbe7cd6be08219e82d9aa455
    http://security.ubuntu.com/ubuntu/pool/main/t/tomcat6/tomcat6_6.0.24.orig.tar.gz
      Size/MD5:  3262568 0bc48af723d6fee31e404434b3744f66

  Architecture independent packages:

    http://security.ubuntu.com/ubuntu/pool/main/t/tomcat6/libservlet2.5-java-doc_6.0.24-2ubuntu1.7_all.deb
      Size/MD5:   255654 3ce49af59adc048b9d09f8835872def6
    http://security.ubuntu.com/ubuntu/pool/main/t/tomcat6/libservlet2.5-java_6.0.24-2ubuntu1.7_all.deb
      Size/MD5:   190998 5ada256123bf0f2caed7997bafc5a64f
    http://security.ubuntu.com/ubuntu/pool/main/t/tomcat6/libtomcat6-java_6.0.24-2ubuntu1.7_all.deb
      Size/MD5:  3008834 98b54b99e32a9438303232367b66d607
    http://security.ubuntu.com/ubuntu/pool/main/t/tomcat6/tomcat6-admin_6.0.24-2ubuntu1.7_all.deb
      Size/MD5:    42308 50bc5b02ee89bcfb03db3008923b55de
    http://security.ubuntu.com/ubuntu/pool/main/t/tomcat6/tomcat6-common_6.0.24-2ubuntu1.7_all.deb
      Size/MD5:    46510 5be3c6ac05b1abd929f43b0fcfe48b90
    http://security.ubuntu.com/ubuntu/pool/main/t/tomcat6/tomcat6-docs_6.0.24-2ubuntu1.7_all.deb
      Size/MD5:   510134 6a08a6206e048f73c57bb47e666e6033
    http://security.ubuntu.com/ubuntu/pool/main/t/tomcat6/tomcat6-examples_6.0.24-2ubuntu1.7_all.deb
      Size/MD5:   158016 ba1ac786b1bae3b826b8760a0de2e2ff
    http://security.ubuntu.com/ubuntu/pool/main/t/tomcat6/tomcat6-user_6.0.24-2ubuntu1.7_all.deb
      Size/MD5:    25632 047bb156942e60dddb28002002c0bf82
    http://security.ubuntu.com/ubuntu/pool/main/t/tomcat6/tomcat6_6.0.24-2ubuntu1.7_all.deb
      Size/MD5:    31636 24c8c29feaa4d0e54e47f4fcd521d7b8

Updated packages for Ubuntu 10.10:

  Source archives:

    http://security.ubuntu.com/ubuntu/pool/main/t/tomcat6/tomcat6_6.0.28-2ubuntu1.2.debian.tar.gz
      Size/MD5:    38583 a37a9a0eb6c8b47c02e68d3b2abf7bad
    http://security.ubuntu.com/ubuntu/pool/main/t/tomcat6/tomcat6_6.0.28-2ubuntu1.2.dsc
      Size/MD5:     2360 7195e057f375b37fb6bee143379aa709
    http://security.ubuntu.com/ubuntu/pool/main/t/tomcat6/tomcat6_6.0.28.orig.tar.gz
      Size/MD5:  3114279 c3d696609054be07a55c14a7de1b8ddf

  Architecture independent packages:

    http://security.ubuntu.com/ubuntu/pool/main/t/tomcat6/libservlet2.5-java-doc_6.0.28-2ubuntu1.2_all.deb
      Size/MD5:   248152 d369aba28ffd0f4915cdfa5df802e8b2
    http://security.ubuntu.com/ubuntu/pool/main/t/tomcat6/libservlet2.5-java_6.0.28-2ubuntu1.2_all.deb
      Size/MD5:   191768 6825151048eb76f3e689a544c8556b02
    http://security.ubuntu.com/ubuntu/pool/main/t/tomcat6/libtomcat6-java_6.0.28-2ubuntu1.2_all.deb
      Size/MD5:  3025748 2a472cf2b6cb4db888267bc0929d6bf3
    http://security.ubuntu.com/ubuntu/pool/main/t/tomcat6/tomcat6-admin_6.0.28-2ubuntu1.2_all.deb
      Size/MD5:    42910 2ece5f8876f3af69148d6e43fc76d5d5
    http://security.ubuntu.com/ubuntu/pool/main/t/tomcat6/tomcat6-common_6.0.28-2ubuntu1.2_all.deb
      Size/MD5:    47558 f5e5851d790a889592ec76e39553a9a7
    http://security.ubuntu.com/ubuntu/pool/main/t/tomcat6/tomcat6-docs_6.0.28-2ubuntu1.2_all.deb
      Size/MD5:   514046 759531246db94fed8d60aa3acf875e9a
    http://security.ubuntu.com/ubuntu/pool/main/t/tomcat6/tomcat6-examples_6.0.28-2ubuntu1.2_all.deb
      Size/MD5:   161072 ce091b828050a221a1b79665a3e36e9b
    http://security.ubuntu.com/ubuntu/pool/main/t/tomcat6/tomcat6-user_6.0.28-2ubuntu1.2_all.deb
      Size/MD5:    26196 cf4d5b3b1f61f30fe244cc51d11f1c10
    http://security.ubuntu.com/ubuntu/pool/main/t/tomcat6/tomcat6_6.0.28-2ubuntu1.2_all.deb
      Size/MD5:    33088 1dbe58b7fda5951c3192f57671cb54bb



Attachment: signature.asc
Description: This is a digitally signed message part

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

  By Date           By Thread  

Current thread:
  • [USN-1097-1] Tomcat vulnerabilities Marc Deslauriers (Mar 29)
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]