12 matches found
CVE-2016-9774
The CVE-2016-9774 issue affects the postinst scripts of tomcat6, tomcat7, and tomcat8 across multiple Debian/Ubuntu releases (e.g., Debian wheezy, Ubuntu 12.04/14.04, Debian jessie, Ubuntu 16.04/16.10, and Ubuntu 17.04). The root cause is a symlink attack on the Catalina localhost directory durin...
Ubuntu 14.04 LTS : Tomcat regression (USN-3177-2)
The remote Ubuntu 14.04 LTS host has packages installed that are affected by a vulnerability as referenced in the USN-3177-2 advisory. USN-3177-1 fixed vulnerabilities in Tomcat. The update introduced a regression in environments where Tomcat is started with a security manager. This update fixes...
USN-3177-2: Tomcat regression
USN-3177-1 fixed vulnerabilities in Tomcat. The update introduced a regression in environments where Tomcat is started with a security manager. This update fixes the problem. We apologize for the inconvenience. Original advisory details: It was discovered that the Tomcat realm implementations...
Ubuntu 14.04 LTS / 16.04 LTS : Tomcat vulnerabilities (USN-3177-1)
The remote Ubuntu 14.04 LTS / 16.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-3177-1 advisory. It was discovered that the Tomcat realm implementations incorrectly handled passwords when a username didn't exist. A remote attacker could...
Debian DSA-3738-1 : tomcat7 - security update
Multiple security vulnerabilities were discovered in the Tomcat servlet and JSP engine, as well as in its Debian-specific maintainer scripts. Those flaws allowed for privilege escalation, information disclosure, and remote code execution. As part of this update, several regressions stemming from...
[SECURITY] [DLA 753-1] tomcat7 security update
Package : tomcat7 Version : 7.0.28-4+deb7u8 CVE ID : CVE-2016-9774 Debian Bug : 845393 845425 846298 Paul Szabo discovered a potential privilege escalation that could be exploited in the situation envisaged in DLA-622-1. This update also addresses several regressions stemming from incomplete fixe...
[SECURITY] [DSA 3739-1] tomcat8 security update
Debian Security Advisory DSA-3739-1 security@debian.org https://www.debian.org/security/ Sebastien Delafond December 18, 2016 https://www.debian.org/security/faq ...
[SECURITY] [DSA 3739-1] tomcat8 security update
Debian Security Advisory DSA-3739-1 security@debian.org https://www.debian.org/security/ Sebastien Delafond December 18, 2016 https://www.debian.org/security/faq ...
[SECURITY] [DSA 3738-1] tomcat7 security update
Debian Security Advisory DSA-3738-1 security@debian.org https://www.debian.org/security/ Sebastien Delafond December 18, 2016 https://www.debian.org/security/faq ...
[SECURITY] [DSA 3738-1] tomcat7 security update
Debian Security Advisory DSA-3738-1 security@debian.org https://www.debian.org/security/ Sebastien Delafond December 18, 2016 https://www.debian.org/security/faq ...
Debian Security Advisory DSA 3739-1 (tomcat8 - security update)
Multiple security vulnerabilities were discovered in the Tomcat servlet and JSP engine, as well as in its Debian-specific maintainer scripts. Those flaws allowed for privilege escalation, information disclosure, and remote code execution. As part of this update, several regressions stemming from...
[SECURITY] [DLA 746-1] tomcat6 security update
Package : tomcat6 Version : 6.0.45+dfsg-1deb7u4 CVE ID : CVE-2016-9774 Debian Bug : 845393 845425 846298 Paul Szabo discovered a potential privilege escalation that could be exploited in the situation envisaged in DLA-622-1. This update also addresses two regressions which were introduced by the...