LinuxSecurity.com
Share your story
The central voice for Linux and Open Source security news
Home News Topics Advisories HOWTOs Features Newsletters About Register

Welcome!
Sign up!
EnGarde Community
Login
Polls
What is the most important Linux security technology?
 
Advisories
Community
Linux Events
Linux User Groups
Link to Us
Security Center
Book Reviews
Security Dictionary
Security Tips
SELinux
White Papers
Featured Blogs
All About Linux
DanWalsh LiveJournal
Securitydistro
Latest Newsletters
Linux Advisory Watch: July 25th, 2014
Linux Advisory Watch: July 18th, 2014
Subscribe
LinuxSecurity Newsletters
E-mail:
Choose Lists:
About our Newsletters
RSS Feeds
Get the LinuxSecurity news you want faster with RSS
Powered By

  
Ubuntu: 976-1: Tomcat vulnerability Print E-mail
User Rating:      How can I rate this item?
Posted by Benjamin D. Thomas   
Ubuntu It was discovered that Tomcat incorrectly handled invalid Transfer-Encodingheaders. A remote attacker could send specially crafted requests containinginvalid headers to the server and cause a denial of service, or possiblyobtain sensitive information from other requests. [More...]
===========================================================
Ubuntu Security Notice USN-976-1            August 25, 2010
tomcat6 vulnerability
CVE-2010-2227
===========================================================

A security issue affects the following Ubuntu releases:

Ubuntu 9.04
Ubuntu 9.10
Ubuntu 10.04 LTS

This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the
following package versions:

Ubuntu 9.04:
  libtomcat6-java                 6.0.18-0ubuntu6.3

Ubuntu 9.10:
  libtomcat6-java                 6.0.20-2ubuntu2.2

Ubuntu 10.04 LTS:
  libtomcat6-java                 6.0.24-2ubuntu1.3

In general, a standard system update will make all the necessary changes.

Details follow:

It was discovered that Tomcat incorrectly handled invalid Transfer-Encoding
headers. A remote attacker could send specially crafted requests containing
invalid headers to the server and cause a denial of service, or possibly
obtain sensitive information from other requests.


Updated packages for Ubuntu 9.04:

  Source archives:

    http://security.ubuntu.com/ubuntu/pool/main/t/tomcat6/tomcat6_6.0.18-0ubuntu6.3.diff.gz
      Size/MD5:    30050 75de0a1316bc34227060d042c20d8c38
    http://security.ubuntu.com/ubuntu/pool/main/t/tomcat6/tomcat6_6.0.18-0ubuntu6.3.dsc
      Size/MD5:     1412 188f1cfcc4b3b63975c0e2229c19d38c
    http://security.ubuntu.com/ubuntu/pool/main/t/tomcat6/tomcat6_6.0.18.orig.tar.gz
      Size/MD5:  3484249 9bdbb1c1d79302c80057a70b18fe6721

  Architecture independent packages:

    http://security.ubuntu.com/ubuntu/pool/main/t/tomcat6/libservlet2.5-java-doc_6.0.18-0ubuntu6.3_all.deb
      Size/MD5:   246612 21e11f9c0a17be237dd9f97d584ff2ab
    http://security.ubuntu.com/ubuntu/pool/main/t/tomcat6/libservlet2.5-java_6.0.18-0ubuntu6.3_all.deb
      Size/MD5:   172804 392096566951baab934719b4639b45b8
    http://security.ubuntu.com/ubuntu/pool/main/t/tomcat6/libtomcat6-java_6.0.18-0ubuntu6.3_all.deb
      Size/MD5:  2847842 553828b2f158cf856bfe604bc9f4be45
    http://security.ubuntu.com/ubuntu/pool/main/t/tomcat6/tomcat6-admin_6.0.18-0ubuntu6.3_all.deb
      Size/MD5:    38210 c10afbf52194108e7bf89e16744934bc
    http://security.ubuntu.com/ubuntu/pool/main/t/tomcat6/tomcat6-common_6.0.18-0ubuntu6.3_all.deb
      Size/MD5:    53524 646532e66478de18e2a0a75fce6bd115
    http://security.ubuntu.com/ubuntu/pool/main/t/tomcat6/tomcat6-docs_6.0.18-0ubuntu6.3_all.deb
      Size/MD5:   714432 04c88fc0ab11de3f39e0f05ef3f47d3c
    http://security.ubuntu.com/ubuntu/pool/main/t/tomcat6/tomcat6-examples_6.0.18-0ubuntu6.3_all.deb
      Size/MD5:   418592 f7d35eea325ee1914cbc4988420993eb
    http://security.ubuntu.com/ubuntu/pool/main/t/tomcat6/tomcat6-user_6.0.18-0ubuntu6.3_all.deb
      Size/MD5:    20974 8cb24c726ce75010f98ba6ec2a516ea6
    http://security.ubuntu.com/ubuntu/pool/main/t/tomcat6/tomcat6_6.0.18-0ubuntu6.3_all.deb
      Size/MD5:    25352 92268953fafb1a5ef96f6d6e645ae12e

Updated packages for Ubuntu 9.10:

  Source archives:

    http://security.ubuntu.com/ubuntu/pool/main/t/tomcat6/tomcat6_6.0.20-2ubuntu2.2.diff.gz
      Size/MD5:    25177 65aeb39da2704850e5b368a46980e8ee
    http://security.ubuntu.com/ubuntu/pool/main/t/tomcat6/tomcat6_6.0.20-2ubuntu2.2.dsc
      Size/MD5:     1564 7a27be3c6be1df01a80219a71b219696
    http://security.ubuntu.com/ubuntu/pool/main/t/tomcat6/tomcat6_6.0.20.orig.tar.gz
      Size/MD5:  3590562 44f49e7e14028b6a53c3c346bd18c72f

  Architecture independent packages:

    http://security.ubuntu.com/ubuntu/pool/main/t/tomcat6/libservlet2.5-java-doc_6.0.20-2ubuntu2.2_all.deb
      Size/MD5:   247294 b4cbcd364cbcd04911e3b25cf198f07c
    http://security.ubuntu.com/ubuntu/pool/main/t/tomcat6/libservlet2.5-java_6.0.20-2ubuntu2.2_all.deb
      Size/MD5:   183096 06459b765e5a80932965d8799e14471f
    http://security.ubuntu.com/ubuntu/pool/main/t/tomcat6/libtomcat6-java_6.0.20-2ubuntu2.2_all.deb
      Size/MD5:  2914570 9c2bffea9539d14880558033dab95eac
    http://security.ubuntu.com/ubuntu/pool/main/t/tomcat6/tomcat6-admin_6.0.20-2ubuntu2.2_all.deb
      Size/MD5:    38912 67d391543e5074d3bf0b4950adea23f8
    http://security.ubuntu.com/ubuntu/pool/main/t/tomcat6/tomcat6-common_6.0.20-2ubuntu2.2_all.deb
      Size/MD5:    36678 dbb73216c89c46e7c431b56d0caaad9f
    http://security.ubuntu.com/ubuntu/pool/main/t/tomcat6/tomcat6-docs_6.0.20-2ubuntu2.2_all.deb
      Size/MD5:   480078 df083c520b559f4784b9e84716e9e545
    http://security.ubuntu.com/ubuntu/pool/main/t/tomcat6/tomcat6-examples_6.0.20-2ubuntu2.2_all.deb
      Size/MD5:   419192 54964deda126605ecedbbae6646aea19
    http://security.ubuntu.com/ubuntu/pool/main/t/tomcat6/tomcat6-user_6.0.20-2ubuntu2.2_all.deb
      Size/MD5:    21754 8ae9f3fadceacf93c7a0ec2c5822ba0c
    http://security.ubuntu.com/ubuntu/pool/main/t/tomcat6/tomcat6_6.0.20-2ubuntu2.2_all.deb
      Size/MD5:    26162 f764f22044eb2f804d034447f19aa713

Updated packages for Ubuntu 10.04:

  Source archives:

    http://security.ubuntu.com/ubuntu/pool/main/t/tomcat6/tomcat6_6.0.24-2ubuntu1.3.debian.tar.gz
      Size/MD5:    30370 8879dfaf6fb4a02cc197e8621505bf70
    http://security.ubuntu.com/ubuntu/pool/main/t/tomcat6/tomcat6_6.0.24-2ubuntu1.3.dsc
      Size/MD5:     1765 6d8ad4bd7f434d2de0f39344165ae641
    http://security.ubuntu.com/ubuntu/pool/main/t/tomcat6/tomcat6_6.0.24.orig.tar.gz
      Size/MD5:  3262568 0bc48af723d6fee31e404434b3744f66

  Architecture independent packages:

    http://security.ubuntu.com/ubuntu/pool/main/t/tomcat6/libservlet2.5-java-doc_6.0.24-2ubuntu1.3_all.deb
      Size/MD5:   247276 4ca0920c48ffcada8e6b98d965339a47
    http://security.ubuntu.com/ubuntu/pool/main/t/tomcat6/libservlet2.5-java_6.0.24-2ubuntu1.3_all.deb
      Size/MD5:   190556 3952ca5d4e4ae5e681fdd174b1dc5fe0
    http://security.ubuntu.com/ubuntu/pool/main/t/tomcat6/libtomcat6-java_6.0.24-2ubuntu1.3_all.deb
      Size/MD5:  3009122 eb0187bb5a32a873d2616610943ad303
    http://security.ubuntu.com/ubuntu/pool/main/t/tomcat6/tomcat6-admin_6.0.24-2ubuntu1.3_all.deb
      Size/MD5:    41218 270c8d45b9905165ba56c391bf25f40e
    http://security.ubuntu.com/ubuntu/pool/main/t/tomcat6/tomcat6-common_6.0.24-2ubuntu1.3_all.deb
      Size/MD5:    46196 705dc452b8cd7b96608899f3e7970652
    http://security.ubuntu.com/ubuntu/pool/main/t/tomcat6/tomcat6-docs_6.0.24-2ubuntu1.3_all.deb
      Size/MD5:   495340 c977cc0d891f650b97ff0bf34709e3a4
    http://security.ubuntu.com/ubuntu/pool/main/t/tomcat6/tomcat6-examples_6.0.24-2ubuntu1.3_all.deb
      Size/MD5:   158856 7a34a8b53ba251073485073e60394446
    http://security.ubuntu.com/ubuntu/pool/main/t/tomcat6/tomcat6-user_6.0.24-2ubuntu1.3_all.deb
      Size/MD5:    24958 758b3c4f2c04766acc63efce328c1eb7
    http://security.ubuntu.com/ubuntu/pool/main/t/tomcat6/tomcat6_6.0.24-2ubuntu1.3_all.deb
      Size/MD5:    30804 25ec7ef433e9fea6a32e8f54923129c2




 
< Prev   Next >
    
Partner

 

Latest Features
Peter Smith Releases Linux Network Security Online
Securing a Linux Web Server
Password guessing with Medusa 2.0
Password guessing as an attack vector
Squid and Digest Authentication
Squid and Basic Authentication
Demystifying the Chinese Hacking Industry: Earning 6 Million a Night
Free Online security course (LearnSIA) - A Call for Help
What You Need to Know About Linux Rootkits
Review: A Practical Guide to Fedora and Red Hat Enterprise Linux - Fifth Edition
Yesterday's Edition
Four fake Google haxbots hit YOUR WEBSITE every day
Mozilla fixes CRITICAL security holes in Firefox, urges v31 upgrade
The Barnaby Jack Few Knew: Celebrated Hacker Saw Spotlight as 'Necessary Evil'
What I Learned from Edward Snowden at the Hacker Conference
Partner Sponsor

Community | HOWTOs | Blogs | Features | Book Reviews | Networking
 Security Projects |  Latest News |  Newsletters |  SELinux |  Privacy |  Home
 Hardening |   About Us |   Advertise |   Legal Notice |   RSS |   Guardian Digital
(c)Copyright 2014 Guardian Digital, Inc. All rights reserved.