[SECURITY] [DLA 1544-1] tomcat7 security update



Package        : tomcat7
Version        : 7.0.56-3+really7.0.91-1
CVE ID         : CVE-2018-11784

Sergey Bobrov discovered that when the default servlet returned a
redirect to a directory (e.g. redirecting to /foo/ when the user
requested /foo) a specially crafted URL could be used to cause the
redirect to be generated to any URI of the attacker's choice.

For Debian 8 "Jessie", this problem has been fixed in version
7.0.56-3+really7.0.91-1.

We recommend that you upgrade your tomcat7 packages.

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS