Описание
ELSA-2017-3080: tomcat6 security update (IMPORTANT)
[0:6.0.24-111]
- Resolves: rhbz#1498345 CVE-2017-12615 CVE-2017-12617 tomcat6: various flaws
[0:6.0.24-110]
- Resolves: rhbz#1461292 CVE-2017-5664 tomcat6: tomcat: Security constrained bypass in error page mechanism
[0:6.0.24-109]
- Resolves: rhbz#1461851 The tomcat6 build is incompatible with the ECJ update
[0:6.0.24-106]
- Resolves: rhbz#1441478 CVE-2017-5647 tomcat6: tomcat: Incorrect handling of pipelined requests when send file was used
Обновленные пакеты
Oracle Linux 6
Oracle Linux x86_64
tomcat6
6.0.24-111.el6_9
tomcat6-admin-webapps
6.0.24-111.el6_9
tomcat6-docs-webapp
6.0.24-111.el6_9
tomcat6-el-2.1-api
6.0.24-111.el6_9
tomcat6-javadoc
6.0.24-111.el6_9
tomcat6-jsp-2.1-api
6.0.24-111.el6_9
tomcat6-lib
6.0.24-111.el6_9
tomcat6-servlet-2.5-api
6.0.24-111.el6_9
tomcat6-webapps
6.0.24-111.el6_9
Oracle Linux i686
tomcat6
6.0.24-111.el6_9
tomcat6-admin-webapps
6.0.24-111.el6_9
tomcat6-docs-webapp
6.0.24-111.el6_9
tomcat6-el-2.1-api
6.0.24-111.el6_9
tomcat6-javadoc
6.0.24-111.el6_9
tomcat6-jsp-2.1-api
6.0.24-111.el6_9
tomcat6-lib
6.0.24-111.el6_9
tomcat6-servlet-2.5-api
6.0.24-111.el6_9
tomcat6-webapps
6.0.24-111.el6_9
Связанные уязвимости
A bug in the handling of the pipelined requests in Apache Tomcat 9.0.0.M1 to 9.0.0.M18, 8.5.0 to 8.5.12, 8.0.0.RC1 to 8.0.42, 7.0.0 to 7.0.76, and 6.0.0 to 6.0.52, when send file was used, results in the pipelined request being lost when send file processing of the previous request completed. This could result in responses appearing to be sent for the wrong request. For example, a user agent that sent requests A, B and C could see the correct response for request A, the response for request C for request B and no response for request C.
A bug in the handling of the pipelined requests in Apache Tomcat 9.0.0.M1 to 9.0.0.M18, 8.5.0 to 8.5.12, 8.0.0.RC1 to 8.0.42, 7.0.0 to 7.0.76, and 6.0.0 to 6.0.52, when send file was used, results in the pipelined request being lost when send file processing of the previous request completed. This could result in responses appearing to be sent for the wrong request. For example, a user agent that sent requests A, B and C could see the correct response for request A, the response for request C for request B and no response for request C.
A bug in the handling of the pipelined requests in Apache Tomcat 9.0.0.M1 to 9.0.0.M18, 8.5.0 to 8.5.12, 8.0.0.RC1 to 8.0.42, 7.0.0 to 7.0.76, and 6.0.0 to 6.0.52, when send file was used, results in the pipelined request being lost when send file processing of the previous request completed. This could result in responses appearing to be sent for the wrong request. For example, a user agent that sent requests A, B and C could see the correct response for request A, the response for request C for request B and no response for request C.