LinuxSecurity.com
Mandriva: 2012:085: tomcat5
Posted by Benjamin D. Thomas   
 _______________________________________________________________________

 Mandriva Linux Security Advisory                         MDVSA-2012:085
 http://www.mandriva.com/security/
 _______________________________________________________________________

 Package : tomcat5
 Date    : May 30, 2012
 Affected: 2010.1, Enterprise Server 5.0
 _______________________________________________________________________

 Problem Description:

 A vulnerability has been discovered and corrected in tomcat5:
 
 Apache Tomcat 5.5.x before 5.5.35, 6.x before 6.0.34, and 7.x before
 7.0.23 uses an inefficient approach for handling parameters, which
 allows remote attackers to cause a denial of service (CPU consumption)
 via a request that contains many parameters and parameter values,
 a different vulnerability than CVE-2011-4858 (CVE-2012-0022).
 
 The updated packages have been patched to correct this issue.
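
 Until the patched packages are installed, access logs can be screened for
 requests that carry an unusually large number of parameters. The script
 below is an added example, not part of the Mandriva advisory or of Tomcat;
 the log format (common/combined), the 500-parameter threshold and the
 sample log lines are assumptions made for the illustration.

```python
import re
from urllib.parse import urlsplit

# Assumed threshold: set it above the largest legitimate form the app serves.
MAX_PARAMS = 500

# Request field of a common/combined access-log line: "METHOD target HTTP/x.y"
REQUEST_RE = re.compile(
    r'^(?P<client>\S+) .*?"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+" \d{3} '
)

def count_params(target):
    """Count name[=value] pairs in the query string without decoding them."""
    query = urlsplit(target).query
    return sum(1 for pair in query.split("&") if pair)

def flag_heavy_requests(lines, limit=MAX_PARAMS):
    """Return (client, method, param_count) for each request over the limit."""
    hits = []
    for line in lines:
        m = REQUEST_RE.match(line)
        if not m:
            continue  # skip malformed or non-HTTP lines
        n = count_params(m.group("target"))
        if n > limit:
            hits.append((m.group("client"), m.group("method"), n))
    return hits

# Constructed sample log lines (documentation addresses, not real traffic).
SAMPLE_LOG = [
    '192.0.2.10 - - [30/May/2012:10:00:01 +0000] '
    '"GET /app/search?q=tomcat&page=2 HTTP/1.1" 200 5120',
    '198.51.100.7 - - [30/May/2012:10:00:02 +0000] "GET /app/search?'
    + "&".join("a%d=1" % i for i in range(600)) + ' HTTP/1.1" 200 312',
    '192.0.2.10 - - [30/May/2012:10:00:03 +0000] '
    '"GET /app/index.jsp HTTP/1.1" 200 900',
]

if __name__ == "__main__":
    for client, method, n in flag_heavy_requests(SAMPLE_LOG):
        print("%s: %s request with %d parameters" % (client, method, n))
```

 Access logs record only the query string, so parameters sent in a POST
 body are not visible to this check and need a limit enforced in front of
 or inside the application.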
 _______________________________________________________________________

 References:

 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0022
 _______________________________________________________________________

 Updated Packages:

 _______________________________________________________________________

 To upgrade automatically use MandrivaUpdate or urpmi.  The verification
 of md5 checksums and GPG signatures is performed automatically for you.

 All packages are signed by Mandriva for security.  You can obtain the
 GPG public key of the Mandriva Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

 You can view other update advisories for Mandriva Linux at:

  http://www.mandriva.com/security/advisories

 If you want to report vulnerabilities, please contact

  security_(at)_mandriva.com
 _______________________________________________________________________
 