
[SECURITY] [DLA 1545-1] tomcat8 security update



Package        : tomcat8
Version        : 8.0.14-1+deb8u14
CVE ID         : CVE-2018-11784

Sergey Bobrov discovered that when the default servlet returned a
redirect to a directory (e.g. redirecting to /foo/ when the user
requested /foo) a specially crafted URL could be used to cause the
redirect to be generated to any URI of the attacker's choice.

For Debian 8 "Jessie", this problem has been fixed in version
8.0.14-1+deb8u14.

We recommend that you upgrade your tomcat8 packages.

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
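A defensive check for the behaviour described in the advisory, added here as an example and not part of the DLA or of Tomcat: it verifies that a directory redirect stays on the requesting origin and only appends the trailing slash. The host names and sample observations are constructed, and the function names are hypothetical.

```python
from urllib.parse import urljoin, urlsplit

REDIRECT_CODES = {301, 302, 303, 307, 308}


def directory_redirect_is_safe(request_url, location):
    """True only if `location` is the trailing-slash form of `request_url`
    on the same scheme and host (hypothetical helper, not a Tomcat API)."""
    # Backslashes and control characters are parsed inconsistently by clients.
    if not location or "\\" in location or any(ord(c) < 0x20 for c in location):
        return False
    req = urlsplit(request_url)
    # Resolve the header the way a client would: relative, absolute-path,
    # protocol-relative ("//host/...") and absolute forms all end up here.
    target = urlsplit(urljoin(request_url, location))
    same_origin = (target.scheme, target.netloc.lower()) == (
        req.scheme, req.netloc.lower())
    expected_path = req.path if req.path.endswith("/") else req.path + "/"
    return same_origin and target.path == expected_path


def flag_unexpected_redirects(observations):
    """Return (request_url, location) pairs whose redirect leaves the origin
    or changes more than the trailing slash."""
    return [(url, loc) for url, status, loc in observations
            if status in REDIRECT_CODES
            and not directory_redirect_is_safe(url, loc)]


# Constructed observations: (request URL, status code, Location header),
# as they might be collected from a proxy log or a regression test.
SAMPLES = [
    ("http://app.example.test/foo", 302, "/foo/"),
    ("http://app.example.test/foo", 302, "http://app.example.test/foo/"),
    ("http://app.example.test/foo", 302, "//other.example.net/foo/"),
    ("http://app.example.test/foo", 302, "http://other.example.net/"),
    ("http://app.example.test/foo/", 200, ""),
]

if __name__ == "__main__":
    for url, loc in flag_unexpected_redirects(SAMPLES):
        print(f"unexpected redirect: {url} -> {loc}")
```

The comparison is deliberately strict: an explicit default port in the Location header (for example `:80`) is treated as a different origin and flagged for review.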
