19 matches found
CLSA-2025-1764580671 pki-servlet-engine: Fix of 2 CVEs
- CVE-2024-50379: fix TOCTOU vulnerability in JSP compilation to prevent RCE on case-insensitive file systems
- CVE-2024-38286: fix issue of resource allocation without limits or throttling vulnerability in TLS handshake process
- Apply skip-common-daemon patch to remove the commons-daemon.jar copy...
OPENSUSE-SU-2024:10167-1 apache-commons-daemon-1.0.15-7.7 on GA media
These are all security issues fixed in the apache-commons-daemon-1.0.15-7.7 package on the GA media of openSUSE Tumbleweed...
openSUSE Security Update : jakarta-commons-daemon (openSUSE-SU-2011:1062-1)
jsvc did not properly drop capabilities, therefore allowing applications to access files owned by the super user (CVE-2011-2729). (C) Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from openSUSE Security Update...
Fedora Update for apache-commons-daemon FEDORA-2011-10880
The remote host is missing an update for the...
Fedora Update for apache-commons-daemon FEDORA-2011-10880
Check for the Version of apache-commons-daemon. OpenVAS Vulnerability Test: Fedora Update for apache-commons-daemon FEDORA-2011-10880...
Ubuntu: Security Advisory (USN-1298-1)
The remote host is missing an update for the...
Ubuntu Update for commons-daemon USN-1298-1
Ubuntu Update for Linux kernel vulnerabilities USN-1298-1 OpenVAS Vulnerability Test $Id: gbubuntuUSN12981.nasl 7964 2017-12-01 07:32:11Z santu $ Ubuntu Update for commons-daemon USN-1298-1 Authors: System Generated Check Copyright: Copyright c 2011 Greenbone Networks GmbH, http://www.greenbone.n...
Ubuntu 11.04 / 11.10 : commons-daemon vulnerability (USN-1298-1)
Wilfried Weissmann discovered that Apache Commons Daemon incorrectly dropped capabilities after starting. A remote attacker could possibly use this flaw to read certain files, bypassing the intended permissions. Note that Tenable Network Security has extracted the preceding description block...
jakarta-commons-daemon (important)
jsvc did not properly drop capabilities, therefore allowing applications to access files owned by the super user (CVE-2011-2729)...
Important: Red Hat Security Advisory: jakarta-commons-daemon-jsvc security update
An updated jakarta-commons-daemon-jsvc package that fixes one security issue is now available for JBoss Enterprise Web Server 1.0 for Red Hat Enterprise Linux 4. The Red Hat Security Response Team has rated this update as having important security impact. A Common Vulnerability Scoring System CVS...
jakarta-commons-daemon: jsvc does not drop capabilities allowing access to files and directories owned by the superuser
native/unix/native/jsvc-unix.c in jsvc in the Daemon component 1.0.3 through 1.0.6 in Apache Commons, as used in Apache Tomcat 5.5.32 through 5.5.33, 6.0.30 through 6.0.32, and 7.0.x before 7.0.20 on Linux, does not drop capabilities, which allows remote attackers to bypass read permissions for...
Fedora Update for apache-commons-daemon FEDORA-2011-10936
Check for the Version of apache-commons-daemon. OpenVAS Vulnerability Test: Fedora Update for apache-commons-daemon FEDORA-2011-10936...
Fedora 15 : apache-commons-daemon-1.0.7-1.fc15 (2011-10936)
This update fixes several bugs and also security issue CVE-2011-2729. Users are encouraged to update as soon as possible.
Fedora 16 : apache-commons-daemon-1.0.7-1.fc16 (2011-10880)
This update fixes several bugs and also security issue CVE-2011-2729. Users are encouraged to update as soon as possible.
[SECURITY] Fedora 16 Update: apache-commons-daemon-1.0.7-1.fc16
The scope of this package is to define an API in line with the current Java Platform APIs to support an alternative invocation mechanism which could be used instead of the public static void main(String[]) method. This specification covers the behavior and life cycle of what we define as Java daemons...
Apache Commons Daemon 'jsvc' Information Disclosure Vulnerability
Apache Commons Daemon is prone to a remote information-disclosure vulnerability that affects the...
[SECURITY] CVE-2011-2729: Commons Daemon fails to drop capabilities (Apache Tomcat)
CVE-2011-2729: Commons Daemon fails to drop capabilities (Apache Tomcat). Severity: Important. Vendor: The Apache Software Foundation. Versions Affected: Tomcat 7.0.0 to 7.0.19; Tomcat 6.0.30 to 6.0.32; Tomcat 5.5.32 to 5.5.33. Description: Due to a bug in the capabilities code, jsvc the service wrapper...
CVE-2011-2729
native/unix/native/jsvc-unix.c in jsvc in the Daemon component 1.0.3 through 1.0.6 in Apache Commons, as used in Apache Tomcat 5.5.32 through 5.5.33, 6.0.30 through 6.0.32, and 7.0.x before 7.0.20 on Linux, does not drop capabilities, which allows remote attackers to bypass read permissions for...
Fixed in Apache Tomcat 7.0.20
Important: Information disclosure (CVE-2011-2729). Due to a bug in the capabilities code, jsvc (the service wrapper for Linux that is part of the Commons Daemon project) does not drop capabilities, allowing the application to access files and directories owned by superuser. This vulnerability only occu...