
[SECURITY] [DLA 622-1] tomcat6 security update



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Package        : tomcat6
Version        : 6.0.45+dfsg-1~deb7u2
CVE ID         : CVE-2016-1240



Dawid Golunski from legalhackers.com discovered that Debian's version
of Tomcat 6 was vulnerable to a local privilege escalation. Local
attackers who have gained access to the server in the context of the
tomcat6 user through a vulnerability in a web application were able to
replace the file with a symlink to an arbitrary file.

The full advisory can be found at

http://legalhackers.com/advisories/Tomcat-Debian-based-Root-Privilege-Escalation-Exploit.txt

For Debian 7 "Wheezy", these problems have been fixed in version
6.0.45+dfsg-1~deb7u2.

We recommend that you upgrade your tomcat6 packages.

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2

-----END PGP SIGNATURE-----
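
An audit check for the condition described above, added here as an example (not part of the advisory and not Debian's or Tomcat's code): it lists symlinks owned by a service account inside a directory and reports those that resolve outside it. The function name is hypothetical, and the directory is a parameter because the advisory does not name the affected file; GNU find and readlink are assumed.

```shell
#!/bin/sh
# Added example. Reports symlinks that a service account has planted in a
# directory and that point outside that directory, which is the precondition
# the advisory describes (a file replaced by a symlink to an arbitrary file).
#
# Usage: find_escaping_symlinks DIR OWNER
#   DIR    directory the service account can write to (assumption: supplied
#          by the operator; the advisory gives no path)
#   OWNER  account name or numeric uid, e.g. tomcat6
# Prints one "link -> resolved target" line per finding.
# Returns 2 on bad arguments, otherwise the exit status of find.
find_escaping_symlinks() {
    dir=$1
    owner=$2
    [ -d "$dir" ] && [ -n "$owner" ] || return 2
    # Resolve the directory itself so prefix comparison is on physical paths.
    base=$(cd "$dir" && pwd -P) || return 2
    # -type l without -L tests the link itself, so -user matches the account
    # that created the link, not the owner of whatever it points to.
    find "$base" -type l -user "$owner" -exec sh -c '
        base=$1
        shift
        for link in "$@"; do
            # readlink -f fails on links whose target path cannot be resolved.
            target=$(readlink -f -- "$link" 2>/dev/null) || target="(unresolvable)"
            case $target in
                "$base"/*) ;;   # target stays inside the audited directory
                *) printf "%s -> %s\n" "$link" "$target" ;;
            esac
        done
    ' sh "$base" {} +
}
```

Any line of output for a directory that root-run scripts also operate on deserves investigation, whether or not the fixed package is already installed.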

