[SECURITY] [DSA 3670-1] tomcat8 security update

To: debian-security-announce@lists.debian.org
Subject: [SECURITY] [DSA 3670-1] tomcat8 security update
From: Moritz Muehlenhoff <jmm@debian.org>
Date: Thu, 15 Sep 2016 19:27:51 +0200
Message-id: <[🔎] 20160915172751.GB32051@pisco.westfalen.local>
Reply-to: debian-security@lists.debian.org

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3670-1                   security@debian.org
https://www.debian.org/security/                       Moritz Muehlenhoff
September 15, 2016                    https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : tomcat8
CVE ID         : CVE-2016-1240

Dawid Golunski of LegalHackers discovered that the Tomcat init script
performed unsafe file handling, which could result in local privilege
escalation.

For the stable distribution (jessie), this problem has been fixed in
version 8.0.14-1+deb8u3.

For the unstable distribution (sid), this problem will be fixed soon.

We recommend that you upgrade your tomcat8 packages.

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIcBAEBAgAGBQJX2tmhAAoJEBDCk7bDfE42U14QAJJOSC4b8vtDESjIjSWxODg5
H8CI7SkATzcDlIfPTNCxX4Gn9iAWS8uxjJP7FaUjpsBmzkB1omdzmr6SgCw9mlM0
b0sZXRGRbKDRnXzN0IwTuKI/tuV1s7c5KWfjhGTAJ1SL7foKlwaKXXQemeztouiv
yRmczPp9NlqrifyXGNIqsF47QNbGiJIM5S+N99/u1YHMO1akm4i2f5cKtfIXokU4
7tpY8UoxAqmWJ4u1p9PxmtA71vuP8gsXoN836iM/OtrY9IZlpArzF6qANhOtj85o
ynd7MiPURLutw6Xmp6ZGOpx6or8g4prmjLubsg1tekoQsFI2BJy93oxNj+Wyo7dp
4CG3XF9aM4QAv7JkuRY6vQIeOcN04h48/MPgY2VR8gykh1v+IFj2+dxTBRVeMcm8
Tu5NLwi83iHaqxxM4h49baQiCwnSimTSd9Bbji060jybWQbtSGoY0zW970z7+uP7
reUu50rI8Hl/Ie8pB13S6kzmvIrGUQpCbIjv01LMO014rYMKfQtCfD/j/8gKikrq
6ofo42Xb7D0MfiUn1xy9yAl+wwcer1yaG1MbUCerhWWRMkr0w17etkiCZcSiskeB
LuZ5a+bExkpnMr8RhErnSHTOEqvW+8djQEkN2fXEUv5pUHww55I+tcf8QfqCV6a4
BPq31eJnhbkhvROQIv8E
=Fhnw
-----END PGP SIGNATURE-----

Reply to:

Prev by Date: [SECURITY] [DSA 3669-1] tomcat7 security update
Next by Date: [SECURITY] [DSA 3671-1] mutt security update
Previous by thread: [SECURITY] [DSA 3669-1] tomcat7 security update
Next by thread: [SECURITY] [DSA 3671-1] mutt security update
Index(es):
- Date
- Thread