Debian Security Advisory

DSA-3788-1 tomcat8 -- security update

Date Reported:
13 Feb 2017
Affected Packages:
Security database references:
In the Debian bugtracking system: Bug 851304.
In Mitre's CVE dictionary: CVE-2017-6056.
More information:

It was discovered that a programming error in the processing of HTTPS requests in the Apache Tomcat servlet and JSP engine may result in denial of service via an infinite loop.

For the stable distribution (jessie), this problem has been fixed in version 8.0.14-1+deb8u7.

For the unstable distribution (sid), this problem will be fixed soon.

We recommend that you upgrade your tomcat8 packages.