[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

[SECURITY] [DLA 1453-1] tomcat7 security update



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Package        : tomcat7
Version        : 7.0.56-3+really7.0.90-1
CVE ID         : CVE-2018-8034

The host name verification in Tomcat when using TLS with the WebSocket
client was missing. It is now enabled by default.

For Debian 8 "Jessie", this problem has been fixed in version
7.0.56-3+really7.0.90-1.

We recommend that you upgrade your tomcat7 packages.

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
-----BEGIN PGP SIGNATURE-----

iQKTBAEBCgB9FiEErPPQiO8y7e9qGoNf2a0UuVE7UeQFAltebVVfFIAAAAAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEFD
RjNEMDg4RUYzMkVERUY2QTFBODM1RkQ5QUQxNEI5NTEzQjUxRTQACgkQ2a0UuVE7
UeSvUA//WDSYZFJjOIYc/zNaBFIvfJN239mJP3rJB0KJUBTnRd4oiILkIZsQE0Po
QHU8HxOQTBuPNqo8EVSuhzJAbdzk7MjvzdG1cruJftXMgI26Cpevrmb7PCEnOTBC
8jqPvHQ+/QrwbUkl9jyGAJ4UwF0RW/xLnN6dOja/eMOzrZuigH0+cF9Co5SPmmgo
bZ368aA+Sw77fRvyEnpamstoYOmH72vFC40TJVx87teQ0+yt3TjtmaYmMl2o9ZJL
YGVvS3bhLRbA7L11OCgetPjI+41VlMZJtByzoH6kJNgpkB8l39UHG1QMjQQhgIQO
27IzNwNqA9P6qdFZQgu7UxlHeBNX9wzTOR+jARUHgPjUQwiGP1BYX4KRfIq9lFt9
IsNt9DOk8m7+IxTWwonZ+4ae9Z/ZUUHuKp/UmZdaORcwAEWxTQq1W2haVcTVTzFp
V+nkFvQXN9hlzzS4ros2dZxGDPOlpvvWDYf4Swt00YOrQ2vfyZX/EbFgEu1m6CYw
PqKnASvp/fdA5z1hYlKk1j2IRpar+eNaIdHNWzCeNdU5uwiIkqQRb9VxawD798wA
E0+g/0EeYT7sYPhP916b/tKGGOirtlGcKWGX7OvxRcc/zInzQ95p7Ng4xKqAXR4f
QIjGmPrd7m2OC3qHMKX2g+5pn2XaKmEb8k24CvkV+KzIaWccUUM=
=idP4
-----END PGP SIGNATURE-----


Reply to: