[SECURITY] [DLA 746-1] tomcat6 security update


Package        : tomcat6
Version        : 6.0.45+dfsg-1~deb7u4
CVE ID         : CVE-2016-9774
Debian Bug     : 845393 845425 846298

Paul Szabo discovered a potential privilege escalation that could be exploited in the situation envisaged in DLA-622-1. This update also addresses two regressions which were introduced by the fixes for CVE-2016-5018 (when running Jasper with SecurityManager enabled) and CVE-2016-6797.

For Debian 7 "Wheezy", these problems have been fixed in version 6.0.45+dfsg-1~deb7u4.

We recommend that you upgrade your tomcat6 packages.

Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: https://wiki.debian.org/LTS

Affected Package

OS      OS Version  Package Name            Package Version
Debian  7           libservlet3.0-java      7.0.28-4+deb7u8
Debian  7           tomcat6-docs            6.0.45+dfsg-1~deb7u4
Debian  7           tomcat7-user            7.0.28-4+deb7u8
Debian  8           tomcat7-user            7.0.56-3+deb8u6
Debian  7           tomcat7                 7.0.28-4+deb7u8
Debian  8           libtomcat8-java         8.0.14-1+deb8u5
Debian  8           libservlet3.0-java-doc  7.0.56-3+deb8u6
Debian  7           tomcat7-examples        7.0.28-4+deb7u7
Debian  8           tomcat7-examples        7.0.56-3+deb8u5
Debian  7           libtomcat7-java         7.0.28-4+deb7u8
Debian  7           tomcat7-admin           7.0.28-4+deb7u8
Debian  8           tomcat8                 8.0.14-1+deb8u4
Debian  7           tomcat6-common          6.0.45+dfsg-1~deb7u3
Debian  8           tomcat7-user            7.0.56-3+deb8u5
Debian  8           tomcat7                 7.0.56-3+deb8u5
Debian  7           libtomcat6-java         6.0.45+dfsg-1~deb7u4
Debian  8           libservlet3.1-java      8.0.14-1+deb8u5
Debian  8           tomcat7-examples        7.0.56-3+deb8u6
Debian  8           tomcat7-common          7.0.56-3+deb8u6
Debian  7           tomcat6                 6.0.45+dfsg-1~deb7u4
Debian  7           tomcat7-common          7.0.28-4+deb7u8
Debian  7           tomcat7                 7.0.28-4+deb7u7
Debian  7           tomcat7-admin           7.0.28-4+deb7u7
Debian  8           libservlet3.0-java      7.0.56-3+deb8u6
Debian  7           libservlet2.5-java      6.0.45+dfsg-1~deb7u4
Debian  8           tomcat8-user            8.0.14-1+deb8u5
Debian  8           libtomcat8-java         8.0.14-1+deb8u4
Debian  7           libservlet2.4-java      6.0.45+dfsg-1~deb7u3
Debian  8           tomcat8-docs            8.0.14-1+deb8u4
Debian  7           libtomcat6-java         6.0.45+dfsg-1~deb7u3
Debian  7           tomcat6-examples        6.0.45+dfsg-1~deb7u3
Debian  8           tomcat7-docs            7.0.56-3+deb8u6
Debian  7           tomcat6-examples        6.0.45+dfsg-1~deb7u4
Debian  7           tomcat7-user            7.0.28-4+deb7u7
Debian  7           tomcat7-examples        7.0.28-4+deb7u8
Debian  8           libservlet3.1-java-doc  8.0.14-1+deb8u5
Debian  7           tomcat6-admin           6.0.45+dfsg-1~deb7u4
Debian  8           tomcat8-common          8.0.14-1+deb8u4
Debian  7           tomcat6-extras          6.0.45+dfsg-1~deb7u3
Debian  8           tomcat7                 7.0.56-3+deb8u6
Debian  7           libservlet2.4-java      6.0.45+dfsg-1~deb7u4
Debian  8           tomcat8-common          8.0.14-1+deb8u5
Debian  8           tomcat8-examples        8.0.14-1+deb8u4
Debian  7           tomcat6-user            6.0.45+dfsg-1~deb7u4
Debian  8           tomcat8-admin           8.0.14-1+deb8u4
Debian  7           libservlet2.5-java-doc  6.0.45+dfsg-1~deb7u3
Debian  8           tomcat7-common          7.0.56-3+deb8u5
Debian  8           libservlet3.0-java-doc  7.0.56-3+deb8u5
Debian  7           tomcat6-extras          6.0.45+dfsg-1~deb7u4
Debian  8           tomcat8                 8.0.14-1+deb8u5
Debian  7           libservlet2.5-java      6.0.45+dfsg-1~deb7u3
Debian  7           tomcat6-common          6.0.45+dfsg-1~deb7u4
Debian  8           tomcat7-admin           7.0.56-3+deb8u6
Debian  7           libservlet3.0-java-doc  7.0.28-4+deb7u7
Debian  7           libtomcat7-java         7.0.28-4+deb7u7
Debian  8           libservlet3.0-java      7.0.56-3+deb8u5
Debian  7           libservlet3.0-java      7.0.28-4+deb7u7
Debian  8           tomcat7-admin           7.0.56-3+deb8u5
Debian  8           tomcat7-docs            7.0.56-3+deb8u5
Debian  8           libservlet3.1-java      8.0.14-1+deb8u4
Debian  7           libservlet3.0-java-doc  7.0.28-4+deb7u8
Debian  7           libservlet2.5-java-doc  6.0.45+dfsg-1~deb7u4
Debian  8           tomcat8-examples        8.0.14-1+deb8u5
Debian  7           tomcat7-common          7.0.28-4+deb7u7
Debian  7           tomcat6-admin           6.0.45+dfsg-1~deb7u3
Debian  7           tomcat7-docs            7.0.28-4+deb7u7
Debian  7           tomcat7-docs            7.0.28-4+deb7u8
Debian  7           tomcat6-docs            6.0.45+dfsg-1~deb7u3
Debian  8           libtomcat7-java         7.0.56-3+deb8u5
Debian  7           tomcat6-user            6.0.45+dfsg-1~deb7u3
Debian  8           tomcat8-user            8.0.14-1+deb8u4
Debian  8           tomcat8-admin           8.0.14-1+deb8u5
Debian  7           tomcat6                 6.0.45+dfsg-1~deb7u3
Debian  8           libservlet3.1-java-doc  8.0.14-1+deb8u4
Debian  8           libtomcat7-java         7.0.56-3+deb8u6
Debian  8           tomcat8-docs            8.0.14-1+deb8u5