openSUSE Security Update: update for tomcat6
______________________________________________________________________________

Announcement ID:    openSUSE-SU-2012:1700-1
Rating:             moderate
References:         #789406 #791423 #791424 #791426 #791679 #793391 #793394
Cross-References:   CVE-2009-2693 CVE-2009-2901 CVE-2009-2902 CVE-2012-2733
                    CVE-2012-3546 CVE-2012-4431 CVE-2012-5568 CVE-2012-5885
                    CVE-2012-5886 CVE-2012-5887
Affected Products:
                    openSUSE 12.1
______________________________________________________________________________

   An update that fixes 10 vulnerabilities is now available.

Description:

   - fix bnc#793394 - bypass of security constraints (CVE-2012-3546)
     * apache-tomcat-CVE-2012-3546.patch
       http://svn.apache.org/viewvc?view=revision&revision=1381035
   - fix bnc#793391 - bypass of CSRF prevention filter (CVE-2012-4431)
     * apache-tomcat-CVE-2012-4431.patch
       http://svn.apache.org/viewvc?view=revision&revision=1394456
   - document how to protect against slowloris DoS (CVE-2012-5568/bnc#791679)
     in README.SUSE
   - fixes
     bnc#791423 - cnonce tracking weakness (CVE-2012-5885)
     bnc#791424 - authentication caching weakness (CVE-2012-5886)
     bnc#791426 - stale nonce weakness (CVE-2012-5887)
     * apache-tomcat-CVE-2009-2693-CVE-2009-2901-CVE-2009-2902.patch
       http://svn.apache.org/viewvc?view=revision&revision=1380829
   - fix bnc#789406 - HTTP NIO connector OOM DoS via a request with large
     headers (CVE-2012-2733)
     * http://svn.apache.org/viewvc?view=revision&revision=1356208

Patch Instructions:

   To install this openSUSE Security Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - openSUSE 12.1:

      zypper in -t patch openSUSE-2012-884

   To bring your system up-to-date, use "zypper patch".
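After installing the patch, an administrator usually wants to confirm that every tomcat6 and libtcnative package on the host is at or above the fixed version. The following POSIX shell check is an added example and is not part of this advisory or of the openSUSE tooling; it compares "name version-release" lines, in the form `rpm -q --qf '%{NAME} %{VERSION}-%{RELEASE}\n' <pkg>` would print, against the fixed versions 6.0.33-3.7.1 (tomcat6) and 1.3.3-3.7.1 (libtcnative) from the Package List. The three sample lines are constructed, not captured from a real system.

```shell
#!/bin/sh
# Added example, not from the advisory: verify that installed tomcat6 /
# libtcnative packages are at or above the fixed version-release.

FIXED_TOMCAT6="6.0.33-3.7.1"    # from the advisory's Package List (noarch)
FIXED_TCNATIVE="1.3.3-3.7.1"    # from the advisory's Package List (i586 x86_64)

# Compare two dotted numeric strings field by field.
# Prints -1, 0 or 1 for a<b, a=b, a>b. A missing trailing field counts as 0,
# so 3.7 < 3.7.1 as RPM expects for purely numeric segments.
cmp_dotted() {
    a=$1; b=$2
    while [ -n "$a" ] || [ -n "$b" ]; do
        ah=${a%%.*}; bh=${b%%.*}
        [ -n "$ah" ] || ah=0
        [ -n "$bh" ] || bh=0
        if [ "$ah" -lt "$bh" ]; then echo -1; return; fi
        if [ "$ah" -gt "$bh" ]; then echo 1; return; fi
        case $a in *.*) a=${a#*.} ;; *) a="" ;; esac
        case $b in *.*) b=${b#*.} ;; *) b="" ;; esac
    done
    echo 0
}

# at_least INSTALLED FIXED: true (exit 0) when INSTALLED >= FIXED.
# Both arguments are VERSION-RELEASE; the version is compared first and the
# release only decides ties.
at_least() {
    v1=${1%-*}; r1=${1##*-}
    v2=${2%-*}; r2=${2##*-}
    c=$(cmp_dotted "$v1" "$v2")
    [ "$c" = "-1" ] && return 1
    [ "$c" = "1" ] && return 0
    c=$(cmp_dotted "$r1" "$r2")
    [ "$c" != "-1" ]
}

# check_line NAME VERSION-RELEASE: classify one package line.
check_line() {
    name=$1; installed=$2
    case $name in
        libtcnative-1-0*) want=$FIXED_TCNATIVE ;;
        tomcat6*)         want=$FIXED_TOMCAT6 ;;
        *) echo "SKIP $name"; return 0 ;;
    esac
    if at_least "$installed" "$want"; then
        echo "OK $name $installed"
    else
        echo "VULNERABLE $name $installed (need $want)"
    fi
}

# Constructed sample query output. On a real host replace this with:
#   rpm -q --qf '%{NAME} %{VERSION}-%{RELEASE}\n' tomcat6 tomcat6-lib libtcnative-1-0
SAMPLE="tomcat6 6.0.33-3.7.1
tomcat6-lib 6.0.33-3.5.1
libtcnative-1-0 1.3.3-3.7.1"

printf '%s\n' "$SAMPLE" | while read -r n v; do
    check_line "$n" "$v"
done
```

With the constructed sample, tomcat6 and libtcnative-1-0 report OK while tomcat6-lib at release 3.5.1 reports VULNERABLE, which is the mixed state a partially applied patch leaves behind. The comparison handles only numeric segments, which is all these versions contain; for arbitrary RPM version strings use `rpmdev-vercmp` or `zypper se -s` instead.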
Package List:

   - openSUSE 12.1 (i586 x86_64):

      libtcnative-1-0-1.3.3-3.7.1
      libtcnative-1-0-debuginfo-1.3.3-3.7.1
      libtcnative-1-0-debugsource-1.3.3-3.7.1
      libtcnative-1-0-devel-1.3.3-3.7.1

   - openSUSE 12.1 (noarch):

      tomcat6-6.0.33-3.7.1
      tomcat6-admin-webapps-6.0.33-3.7.1
      tomcat6-docs-webapp-6.0.33-3.7.1
      tomcat6-el-1_0-api-6.0.33-3.7.1
      tomcat6-javadoc-6.0.33-3.7.1
      tomcat6-jsp-2_1-api-6.0.33-3.7.1
      tomcat6-lib-6.0.33-3.7.1
      tomcat6-servlet-2_5-api-6.0.33-3.7.1
      tomcat6-webapps-6.0.33-3.7.1

References:

   http://support.novell.com/security/cve/CVE-2009-2693.html
   http://support.novell.com/security/cve/CVE-2009-2901.html
   http://support.novell.com/security/cve/CVE-2009-2902.html
   http://support.novell.com/security/cve/CVE-2012-2733.html
   http://support.novell.com/security/cve/CVE-2012-3546.html
   http://support.novell.com/security/cve/CVE-2012-4431.html
   http://support.novell.com/security/cve/CVE-2012-5568.html
   http://support.novell.com/security/cve/CVE-2012-5885.html
   http://support.novell.com/security/cve/CVE-2012-5886.html
   http://support.novell.com/security/cve/CVE-2012-5887.html
   https://bugzilla.novell.com/789406
   https://bugzilla.novell.com/791423
   https://bugzilla.novell.com/791424
   https://bugzilla.novell.com/791426
   https://bugzilla.novell.com/791679
   https://bugzilla.novell.com/793391
   https://bugzilla.novell.com/793394