Описание
ELSA-2013-0870: tomcat5 security update (IMPORTANT)
[0:5.5.23-0jpp.40]
- Related: CVE-2013-1976 It was found during additional testing
- that the tomcat5 init may fail to start because the user
- shell is set to sbin/nologin. Fixed in init scrip. SU now
- uses -s /bin/sh during startup
[0:5.5.23-0jpp.39]
- Resolves: CVE-2013-1976 Improper TOMCAT_LOG management in
- initscript. Change location of TOMCAT_LOG to /var/log so
- only root can write to it. Touching TOMCAT_LOG is no longer
- required during initscript startup. Permissions and ownership
- changed to 0755 tomcat:root for logdir
Обновленные пакеты
Oracle Linux 5
Oracle Linux ia64
tomcat5
5.5.23-0jpp.40.el5_9
tomcat5-admin-webapps
5.5.23-0jpp.40.el5_9
tomcat5-common-lib
5.5.23-0jpp.40.el5_9
tomcat5-jasper
5.5.23-0jpp.40.el5_9
tomcat5-jasper-javadoc
5.5.23-0jpp.40.el5_9
tomcat5-jsp-2.0-api
5.5.23-0jpp.40.el5_9
tomcat5-jsp-2.0-api-javadoc
5.5.23-0jpp.40.el5_9
tomcat5-server-lib
5.5.23-0jpp.40.el5_9
tomcat5-servlet-2.4-api
5.5.23-0jpp.40.el5_9
tomcat5-servlet-2.4-api-javadoc
5.5.23-0jpp.40.el5_9
tomcat5-webapps
5.5.23-0jpp.40.el5_9
Oracle Linux x86_64
tomcat5
5.5.23-0jpp.40.el5_9
tomcat5-admin-webapps
5.5.23-0jpp.40.el5_9
tomcat5-common-lib
5.5.23-0jpp.40.el5_9
tomcat5-jasper
5.5.23-0jpp.40.el5_9
tomcat5-jasper-javadoc
5.5.23-0jpp.40.el5_9
tomcat5-jsp-2.0-api
5.5.23-0jpp.40.el5_9
tomcat5-jsp-2.0-api-javadoc
5.5.23-0jpp.40.el5_9
tomcat5-server-lib
5.5.23-0jpp.40.el5_9
tomcat5-servlet-2.4-api
5.5.23-0jpp.40.el5_9
tomcat5-servlet-2.4-api-javadoc
5.5.23-0jpp.40.el5_9
tomcat5-webapps
5.5.23-0jpp.40.el5_9
Oracle Linux i386
tomcat5
5.5.23-0jpp.40.el5_9
tomcat5-admin-webapps
5.5.23-0jpp.40.el5_9
tomcat5-common-lib
5.5.23-0jpp.40.el5_9
tomcat5-jasper
5.5.23-0jpp.40.el5_9
tomcat5-jasper-javadoc
5.5.23-0jpp.40.el5_9
tomcat5-jsp-2.0-api
5.5.23-0jpp.40.el5_9
tomcat5-jsp-2.0-api-javadoc
5.5.23-0jpp.40.el5_9
tomcat5-server-lib
5.5.23-0jpp.40.el5_9
tomcat5-servlet-2.4-api
5.5.23-0jpp.40.el5_9
tomcat5-servlet-2.4-api-javadoc
5.5.23-0jpp.40.el5_9
tomcat5-webapps
5.5.23-0jpp.40.el5_9
Связанные CVE
Связанные уязвимости
The (1) tomcat5, (2) tomcat6, and (3) tomcat7 init scripts, as used in the RPM distribution of Tomcat for JBoss Enterprise Web Server 1.0.2 and 2.0.0, and Red Hat Enterprise Linux 5 and 6, allow local users to change the ownership of arbitrary files via a symlink attack on (a) tomcat5-initd.log, (b) tomcat6-initd.log, (c) catalina.out, or (d) tomcat7-initd.log.
The (1) tomcat5, (2) tomcat6, and (3) tomcat7 init scripts, as used in the RPM distribution of Tomcat for JBoss Enterprise Web Server 1.0.2 and 2.0.0, and Red Hat Enterprise Linux 5 and 6, allow local users to change the ownership of arbitrary files via a symlink attack on (a) tomcat5-initd.log, (b) tomcat6-initd.log, (c) catalina.out, or (d) tomcat7-initd.log.
The (1) tomcat5, (2) tomcat6, and (3) tomcat7 init scripts, as used in the RPM distribution of Tomcat for JBoss Enterprise Web Server 1.0.2 and 2.0.0, and Red Hat Enterprise Linux 5 and 6, allow local users to change the ownership of arbitrary files via a symlink attack on (a) tomcat5-initd.log, (b) tomcat6-initd.log, (c) catalina.out, or (d) tomcat7-initd.log.
The (1) tomcat5, (2) tomcat6, and (3) tomcat7 init scripts, as used in ...
The (1) tomcat5, (2) tomcat6, and (3) tomcat7 init scripts, as used in the RPM distribution of Tomcat for JBoss Enterprise Web Server 1.0.2 and 2.0.0, and Red Hat Enterprise Linux 5 and 6, allow local users to change the ownership of arbitrary files via a symlink attack on (a) tomcat5-initd.log, (b) tomcat6-initd.log, (c) catalina.out, or (d) tomcat7-initd.log.