Description
ELSA-2011-0335: tomcat6 security and bug fix update (IMPORTANT)
[0:6.0.24-24]
- Resolves: rhbz#674601
- Removed wildcard in main %files that caused duplicate ownership
- of log4j.properties
[0:6.0.24-23]
- Resolves: rhbz#674601
- Reverse - tomcat user requires login shell
- Reverse - rhbz 611244 tomcat-juli missing symlink
- PM/QE decision to include only the security fixes. The rhbzs
- will be taken care of during the rebase to 6.0.33.
- Did not Reverse - rhbz 676922 - additionally instances of tomcat are broken
- Too many users depend upon it.
[0:6.0.24-22]
- Resolves - tomcat user requires login shell
[0:6.0.24-21]
- Resolves: 676922 - additionally created instances of tomcat
- are broken
[0:6.0.24-20]
- Resolves: rbz# 676922
- Resolves: init script LSB compliance
- Resolves: multiple instances of tomcat.
- Resolves: tomcat-juli missing symlink
[0:6.0.24-18]
- Resolves directory permission problems
[0:6.0.24-17]
- Resolves: CVE-2011-0534 rhbz#674601
[0:6.0.24-16]
- Resolves rhbz#674601 JDK Double.parseDouble DoS
Updated packages
Oracle Linux 6
Oracle Linux x86_64
tomcat6                  6.0.24-24.el6_0
tomcat6-admin-webapps    6.0.24-24.el6_0
tomcat6-docs-webapp      6.0.24-24.el6_0
tomcat6-el-2.1-api       6.0.24-24.el6_0
tomcat6-javadoc          6.0.24-24.el6_0
tomcat6-jsp-2.1-api      6.0.24-24.el6_0
tomcat6-lib              6.0.24-24.el6_0
tomcat6-log4j            6.0.24-24.el6_0
tomcat6-servlet-2.5-api  6.0.24-24.el6_0
tomcat6-webapps          6.0.24-24.el6_0
Oracle Linux i686
tomcat6                  6.0.24-24.el6_0
tomcat6-admin-webapps    6.0.24-24.el6_0
tomcat6-docs-webapp      6.0.24-24.el6_0
tomcat6-el-2.1-api       6.0.24-24.el6_0
tomcat6-javadoc          6.0.24-24.el6_0
tomcat6-jsp-2.1-api      6.0.24-24.el6_0
tomcat6-lib              6.0.24-24.el6_0
tomcat6-log4j            6.0.24-24.el6_0
tomcat6-servlet-2.5-api  6.0.24-24.el6_0
tomcat6-webapps          6.0.24-24.el6_0
Related CVEs
Related vulnerabilities
Apache Tomcat 7.0.0 through 7.0.6 and 6.0.0 through 6.0.30 does not enforce the maxHttpHeaderSize limit for requests involving the NIO HTTP connector, which allows remote attackers to cause a denial of service (OutOfMemoryError) via a crafted request.
The Double.parseDouble method in Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 23 and earlier, 5.0 Update 27 and earlier, and 1.4.2_29 and earlier, as used in OpenJDK, Apache, JBossweb, and other products, allows remote attackers to cause a denial of service via a crafted string that triggers an infinite loop of estimations during conversion to a double-precision binary floating-point number, as demonstrated using 2.2250738585072012e-308.