
[SECURITY] [DLA 823-2] tomcat7 regression update



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Package        : tomcat7
Version        : 7.0.28-4+deb7u11
CVE ID         : CVE-2017-6056
Debian Bug     : 854551

The update for tomcat7 issued as DLA-823-1 caused the server to return
HTTP 400 errors under certain circumstances. Updated packages are
now available to correct this issue. For reference, the original
advisory text follows.

It was discovered that a programming error in the processing of HTTPS
requests in the Apache Tomcat servlet and JSP engine may result in
denial of service via an infinite loop.

For Debian 7 "Wheezy", these problems have been fixed in version
7.0.28-4+deb7u11.

We recommend that you upgrade your tomcat7 packages.

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----

