Описание
ELSA-2014-1034: tomcat security update (LOW)
[0:7.0.42-8]
- Resolves: CVE-2013-4590
- Resolves: CVE-2014-0119
[0:7.0.42-7]
- Related: CVE-2014-0099 incrementing release so rpmdiff doesn't complain about
- no new entries in the changelog
[0:7.0.42-6]
- Resolves: CVE-2014-0099 Fix possible overflow when parsing
- long values from byte array
- Resolves: CVE-2014-0096 Information discloser process XSLT
- files not subject to same constraint running under
- java security manager
- Resolves: CVE-2014-0075 Avoid overflow in ChunkedInputFilter.
Обновленные пакеты
Oracle Linux 7
Oracle Linux x86_64
tomcat
7.0.42-8.el7_0
tomcat-admin-webapps
7.0.42-8.el7_0
tomcat-docs-webapp
7.0.42-8.el7_0
tomcat-el-2.2-api
7.0.42-8.el7_0
tomcat-javadoc
7.0.42-8.el7_0
tomcat-jsp-2.2-api
7.0.42-8.el7_0
tomcat-jsvc
7.0.42-8.el7_0
tomcat-lib
7.0.42-8.el7_0
tomcat-servlet-3.0-api
7.0.42-8.el7_0
tomcat-webapps
7.0.42-8.el7_0
Связанные CVE
Связанные уязвимости
Apache Tomcat before 6.0.40, 7.x before 7.0.54, and 8.x before 8.0.6 does not properly constrain the class loader that accesses the XML parser used with an XSLT stylesheet, which allows remote attackers to (1) read arbitrary files via a crafted web application that provides an XML external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue, or (2) read files associated with different web applications on a single Tomcat instance via a crafted web application.
Apache Tomcat before 6.0.40, 7.x before 7.0.54, and 8.x before 8.0.6 does not properly constrain the class loader that accesses the XML parser used with an XSLT stylesheet, which allows remote attackers to (1) read arbitrary files via a crafted web application that provides an XML external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue, or (2) read files associated with different web applications on a single Tomcat instance via a crafted web application.
Apache Tomcat before 6.0.40, 7.x before 7.0.54, and 8.x before 8.0.6 does not properly constrain the class loader that accesses the XML parser used with an XSLT stylesheet, which allows remote attackers to (1) read arbitrary files via a crafted web application that provides an XML external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue, or (2) read files associated with different web applications on a single Tomcat instance via a crafted web application.
Apache Tomcat before 6.0.40, 7.x before 7.0.54, and 8.x before 8.0.6 d ...
