openSUSE-SU-2017:1292-1

Published: May 15, 2017
Source: suse-cvrf

Description

Security update for tomcat

This update for tomcat fixes the following issues:

  • CVE-2017-5647 Pipelined requests could lead to information disclosure (bsc#1033448)
  • CVE-2017-5648 Untrusted application could retain listener leading to information disclosure (bsc#1033447)
  • CVE-2016-8745 shared Processor on Connector code could lead to information disclosure (bsc#1015119)

This update was imported from the SUSE:SLE-12-SP1:Update and SUSE:SLE-12-SP2:Update update projects.

Package list

openSUSE Leap 42.1
tomcat-8.0.43-6.7.1
tomcat-admin-webapps-8.0.43-6.7.1
tomcat-docs-webapp-8.0.43-6.7.1
tomcat-el-3_0-api-8.0.43-6.7.1
tomcat-embed-8.0.43-6.7.1
tomcat-javadoc-8.0.43-6.7.1
tomcat-jsp-2_3-api-8.0.43-6.7.1
tomcat-jsvc-8.0.43-6.7.1
tomcat-lib-8.0.43-6.7.1
tomcat-servlet-3_1-api-8.0.43-6.7.1
tomcat-webapps-8.0.43-6.7.1
openSUSE Leap 42.2
tomcat-8.0.43-6.7.1
tomcat-admin-webapps-8.0.43-6.7.1
tomcat-docs-webapp-8.0.43-6.7.1
tomcat-el-3_0-api-8.0.43-6.7.1
tomcat-embed-8.0.43-6.7.1
tomcat-javadoc-8.0.43-6.7.1
tomcat-jsp-2_3-api-8.0.43-6.7.1
tomcat-jsvc-8.0.43-6.7.1
tomcat-lib-8.0.43-6.7.1
tomcat-servlet-3_1-api-8.0.43-6.7.1
tomcat-webapps-8.0.43-6.7.1
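
To confirm that a host has picked up this update, compare its installed packages against the fixed version-release in the list above. The following is an added example, not part of the advisory: it assumes input produced by `rpm -qa --qf '%{NAME} %{VERSION} %{RELEASE}\n'`, uses a simplified rpm-style version comparison that ignores epochs and `~`/`^` markers, and runs on constructed sample lines.

```python
import re

# Fixed version-release and package names, copied from the advisory's package list.
FIXED = "8.0.43-6.7.1"
PACKAGES = {
    "tomcat", "tomcat-admin-webapps", "tomcat-docs-webapp", "tomcat-el-3_0-api",
    "tomcat-embed", "tomcat-javadoc", "tomcat-jsp-2_3-api", "tomcat-jsvc",
    "tomcat-lib", "tomcat-servlet-3_1-api", "tomcat-webapps",
}

def vercmp(a, b):
    """Simplified rpm-style compare of two version or release strings: -1, 0 or 1."""
    sa = re.findall(r"\d+|[A-Za-z]+", a)
    sb = re.findall(r"\d+|[A-Za-z]+", b)
    for x, y in zip(sa, sb):
        if x.isdigit() != y.isdigit():
            return 1 if x.isdigit() else -1  # rpm ranks a numeric segment above an alphabetic one
        if x.isdigit():
            x, y = int(x), int(y)            # compare numbers numerically, so 10 > 7
        if x != y:
            return 1 if x > y else -1
    return (len(sa) > len(sb)) - (len(sa) < len(sb))

def unpatched(rpm_lines):
    """Return (name, version-release) for advisory packages older than FIXED."""
    fixed_ver, fixed_rel = FIXED.split("-")
    found = []
    for line in rpm_lines:
        parts = line.split()
        if len(parts) != 3 or parts[0] not in PACKAGES:
            continue                         # malformed line or package not in this advisory
        name, ver, rel = parts
        if (vercmp(ver, fixed_ver) or vercmp(rel, fixed_rel)) < 0:
            found.append((name, f"{ver}-{rel}"))
    return found

# Constructed sample of "NAME VERSION RELEASE" lines; not taken from a real host.
SAMPLE = """\
tomcat 8.0.36 6.4.1
tomcat-lib 8.0.43 6.7.1
tomcat-el-3_0-api 8.0.43 6.4.2
tomcat-jsvc 8.0.43 6.10.1
apache2 2.4.23 8.1
""".splitlines()

if __name__ == "__main__":
    for name, evr in unpatched(SAMPLE):
        print(f"{name} {evr} is older than {FIXED}")
```
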

Description

A bug in the error handling of the send file code for the NIO HTTP connector in Apache Tomcat 9.0.0.M1 to 9.0.0.M13, 8.5.0 to 8.5.8, 8.0.0.RC1 to 8.0.39, 7.0.0 to 7.0.73 and 6.0.16 to 6.0.48 resulted in the current Processor object being added to the Processor cache multiple times. This in turn meant that the same Processor could be used for concurrent requests. Sharing a Processor can result in information leakage between requests including, but not limited to, session ID and the response body. The bug was first noticed in 8.5.x onwards, where it appears the refactoring of the Connector code made it more likely that the bug was observed. Initially it was thought that the 8.5.x refactoring introduced the bug, but further investigation has shown that the bug is present in all currently supported Tomcat versions.

Affected products
openSUSE Leap 42.1:tomcat-8.0.43-6.7.1
openSUSE Leap 42.1:tomcat-admin-webapps-8.0.43-6.7.1
openSUSE Leap 42.1:tomcat-docs-webapp-8.0.43-6.7.1
openSUSE Leap 42.1:tomcat-el-3_0-api-8.0.43-6.7.1

References

Description

A bug in the handling of the pipelined requests in Apache Tomcat 9.0.0.M1 to 9.0.0.M18, 8.5.0 to 8.5.12, 8.0.0.RC1 to 8.0.42, 7.0.0 to 7.0.76, and 6.0.0 to 6.0.52, when send file was used, results in the pipelined request being lost when send file processing of the previous request completed. This could result in responses appearing to be sent for the wrong request. For example, a user agent that sent requests A, B and C could see the correct response for request A, the response for request C for request B and no response for request C.


Affected products
openSUSE Leap 42.1:tomcat-8.0.43-6.7.1
openSUSE Leap 42.1:tomcat-admin-webapps-8.0.43-6.7.1
openSUSE Leap 42.1:tomcat-docs-webapp-8.0.43-6.7.1
openSUSE Leap 42.1:tomcat-el-3_0-api-8.0.43-6.7.1

References

Description

While investigating bug 60718, it was noticed that some calls to application listeners in Apache Tomcat 9.0.0.M1 to 9.0.0.M17, 8.5.0 to 8.5.11, 8.0.0.RC1 to 8.0.41, and 7.0.0 to 7.0.75 did not use the appropriate facade object. When running an untrusted application under a SecurityManager, it was therefore possible for that untrusted application to retain a reference to the request or response object and thereby access and/or modify information associated with another web application.


Affected products
openSUSE Leap 42.1:tomcat-8.0.43-6.7.1
openSUSE Leap 42.1:tomcat-admin-webapps-8.0.43-6.7.1
openSUSE Leap 42.1:tomcat-docs-webapp-8.0.43-6.7.1
openSUSE Leap 42.1:tomcat-el-3_0-api-8.0.43-6.7.1

References