[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

[SECURITY] [DSA 4952-1] tomcat9 security update



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian Security Advisory DSA-4952-1                   security@debian.org
https://www.debian.org/security/                       Moritz Muehlenhoff
August 09, 2021                       https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : tomcat9
CVE ID         : CVE-2021-30640 CVE-2021-33037
Debian Bug     : 991046

Two vulnerabilities were discovered in the Tomcat servlet and JSP engine,
which could result in HTTP request smuggling, bypass of logout
restrictions or authentications using variations of a valid user name.

For the stable distribution (buster), these problems have been fixed in
version 9.0.31-1~deb10u5.

We recommend that you upgrade your tomcat9 packages.

For the detailed security status of tomcat9 please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/tomcat9

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org
-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAmERmLEACgkQEMKTtsN8
TjZeMw/9Em+a8hxIgfV6m8svrekc9scclTwKifFNjMU8JPwRHiK/jP7jpz8mwO4W
AiEe+TaIiEhlqjg41G2b7P/2cxJlB2Uetf16dvajv9kZA4MjMVDTXiDKvuqo5uVg
zT7lkwU6jaMDGUd/unZZTwk8jh4imrF11fLCL6bQciwBdDAuiMDiioW526XwK/5u
oUfdu1SJphXNQSkq/d6R7eTOurryFxYrrBswUUsYF5Dk4NhtNuR6pLsRmLVo3sO1
490C/MxLuL/vDMY/5ycqUcBu9JQ4hOADDUClUFcx4/U9soMCTbxsc4OGVlqJAK4W
+IeVNO6Y+miHkQCoeqP3deq+ZCwiHaaPR4Y+pZHmGaSvnG7akG8ZJATZWUB/YdU4
DnNlGxgaIIqxHSZcht9ExSTufwjNiYGCQeuBPVhOsh+DDk4l1m1JJN+5nUwB9/id
SRV3ZmlRLwJu0YcZPdtogrgmfUgpI3rr+M0t+nERDo3gJ5qQIT2shCNjQaNSEcx8
ko/6aELWC546FlncPCjEpCNDGqsEn7BYOzf18JRqlD1/NPYM+eBa1grXqBdYj9oa
Fyl69bY8YU7V8l/aEDvrPDMDStvIvaK2MFtdPvpUQRvU71iuY37CtM5AaaGyOl95
zyNSHUvLzXNOpEWUMTgNKTmTmbRTkCSW71GCgRaVuLthzHN2Bic=
=WmYc
-----END PGP SIGNATURE-----


Reply to: