Ubuntu 1048-1: Tomcat vulnerability

==========================================================Ubuntu Security Notice USN-1048-1          January 24, 2011
tomcat6 vulnerability
CVE-2010-4172
==========================================================
A security issue affects the following Ubuntu releases:

Ubuntu 9.10
Ubuntu 10.04 LTS
Ubuntu 10.10

This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the
following package versions:

Ubuntu 9.10:
  tomcat6-admin                   6.0.20-2ubuntu2.3

Ubuntu 10.04 LTS:
  tomcat6-admin                   6.0.24-2ubuntu1.6

Ubuntu 10.10:
  tomcat6-admin                   6.0.28-2ubuntu1.1

In general, a standard system update will make all the necessary changes.

Details follow:

It was discovered that Tomcat did not properly escape certain parameters in
the Manager application which could result in browsers becoming vulnerable
to cross-site scripting attacks when processing the output. With cross-site
scripting vulnerabilities, if a user were tricked into viewing server
output during a crafted server request, a remote attacker could exploit
this to modify the contents, or steal confidential data (such as
passwords), within the same domain.


Updated packages for Ubuntu 9.10:

  Source archives:

          Size/MD5:    27239 0cc20bab1a9b311bdebf30b7906a19a7
          Size/MD5:     2204 34fb37d15fe193f6def5becb76b0dbaf
          Size/MD5:  3590562 44f49e7e14028b6a53c3c346bd18c72f

  Architecture independent packages:

          Size/MD5:   247424 a14215f5c3cb7ac653b68f16053b945d
          Size/MD5:   183264 4b6b468e0f349e856f56d599573c1600
          Size/MD5:  2914890 6007d0180bd5bfd7430cee707dd60336
          Size/MD5:    39086 c6667d042139ff18b6ce16a4a7d136f9
          Size/MD5:    36804 cf0938f04b4264bbb828eb038d6a2f7b
          Size/MD5:   480290 9963984b5b9af8ca130cfd714d7be6b9
          Size/MD5:   419290 4ac9738375f53bf57ba4a00dad5c234a
          Size/MD5:    21918 b2f4ab22cfa41f0f3a16af0eb75355ff
          Size/MD5:    26318 1a1de7f4532d0b13c778d9d9c181fe74

Updated packages for Ubuntu 10.04 LTS:

  Source archives:

          Size/MD5:    32782 d369c0e8ab9ef06c320a74ba10c5e361
          Size/MD5:     2405 2ee1921228239791f5aab04bc2bf6c48
          Size/MD5:  3262568 0bc48af723d6fee31e404434b3744f66

  Architecture independent packages:

          Size/MD5:   255532 3e126e0a1561b296d78e5713c42b6196
          Size/MD5:   190776 82973dee7e623299449cced7e3bafd50
          Size/MD5:  3008498 cfc272e2ad4ae852f0507d2ada8f0ad8
          Size/MD5:    42094 19948285f4a71219c5f4683f8b4707a8
          Size/MD5:    46300 bff1f177657f45b5de8f9a6b4b875bd9
          Size/MD5:   509958 95aacb34a537e9c8f80cc0b6c20272c6
          Size/MD5:   157790 4e30309eb658f3e0d272d7a80afe3ddd
          Size/MD5:    25402 c4b54a4b984665b2a8ba0f7aaf49f6f6
          Size/MD5:    31424 376f9f72e7ed8b763bf9ad9bd5845003

Updated packages for Ubuntu 10.10:

  Source archives:

          Size/MD5:    34180 9a58889c9a818f3932ab3fb06e07a0c2
          Size/MD5:     2360 b88dde12cb761f398c6cb2848a68d5ca
          Size/MD5:  3114279 c3d696609054be07a55c14a7de1b8ddf

  Architecture independent packages:

          Size/MD5:   247884 76667eab1aea739baa2f6e94bf77922a
          Size/MD5:   191520 5a00687018dd7bc449d003a0183e32ac
          Size/MD5:  3025018 77ef8e9a0eb75bd69c1425f3633ae88e
          Size/MD5:    42388 41a06ce99f6d62589b2bf9ed2d015759
          Size/MD5:    47302 91d28d83c8c1ef5f39f517882b01151e
          Size/MD5:   513714 141ddd468004ffc97660ab49f2b7e6f9
          Size/MD5:   160756 1878b3c23e566f3c5478ea5dc783fd80
          Size/MD5:    25938 9484ebad8612001220014e38807e9359
          Size/MD5:    32822 93254c4418a7645582196bea71a3aff6
Ubuntu 1048-1: Tomcat vulnerability

Summary

Update Instructions

References

Package Information

Related News

Get the Latest News & Insights

News

Advisories

HOWTOs

Features

About Us

Powered By
