[SECURITY] [DLA 746-1] tomcat6 security update



Package        : tomcat6
Version        : 6.0.45+dfsg-1~deb7u4
CVE ID         : CVE-2016-9774
Debian Bug     : 845393 845425 846298

Paul Szabo discovered a potential privilege escalation that could be
exploited in the situation envisaged in DLA-622-1. This update also
addresses two regressions which were introduced by the fixes for
CVE-2016-5018 (when running Jasper with SecurityManager enabled) and
CVE-2016-6797.

For Debian 7 "Wheezy", these problems have been fixed in version
6.0.45+dfsg-1~deb7u4.

We recommend that you upgrade your tomcat6 packages.

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS