Mailinglist Archive: opensuse-updates (94 mails)

openSUSE-SU-2013:0147-1: moderate: tomcat6
openSUSE Security Update: tomcat6
______________________________________________________________________________

Announcement ID: openSUSE-SU-2013:0147-1
Rating: moderate
References: #789406 #791423 #791424 #791426 #791679 #793391
#793394
Cross-References: CVE-2009-2693 CVE-2009-2901 CVE-2009-2902
CVE-2012-2733 CVE-2012-3546 CVE-2012-4431
CVE-2012-5568 CVE-2012-5885 CVE-2012-5886
CVE-2012-5887
Affected Products:
openSUSE 11.4/standard/i586/patchinfo.35
______________________________________________________________________________

An update that fixes 10 vulnerabilities is now available.

Description:

- fix bnc#793394 - bypass of security constraints
(CVE-2012-3546)
* apache-tomcat-CVE-2012-3546.patch
http://svn.apache.org/viewvc?view=revision&revision=1381035

- fix bnc#793391 - bypass of CSRF prevention filter
(CVE-2012-4431)
* apache-tomcat-CVE-2012-4431.patch
http://svn.apache.org/viewvc?view=revision&revision=1394456


- document how to protect against slowloris DoS
(CVE-2012-5568/bnc#791679) in README.SUSE

- fixes bnc#791423 - cnonce tracking weakness (CVE-2012-5885)
bnc#791424 - authentication caching weakness (CVE-2012-5886)
bnc#791426 - stale nonce weakness (CVE-2012-5887)
* apache-tomcat-CVE-2009-2693-CVE-2009-2901-CVE-2009-2902.patch
http://svn.apache.org/viewvc?view=revision&revision=1380829


- fix bnc#789406 - HTTP NIO connector OOM DoS via a request
with large headers (CVE-2012-2733)
*
http://svn.apache.org/viewvc?view=revision&revision=1356208



Patch Instructions:

To install this openSUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:

- openSUSE 11.4/standard/i586/patchinfo.35:

zypper in -t patch 2012-24

To bring your system up-to-date, use "zypper patch".


Package List:

- openSUSE 11.4/standard/i586/patchinfo.35 (noarch):

tomcat6-6.0.32-7.34.1
tomcat6-admin-webapps-6.0.32-7.34.1
tomcat6-docs-webapp-6.0.32-7.34.1
tomcat6-el-1_0-api-6.0.32-7.34.1
tomcat6-javadoc-6.0.32-7.34.1
tomcat6-jsp-2_1-api-6.0.32-7.34.1
tomcat6-lib-6.0.32-7.34.1
tomcat6-servlet-2_5-api-6.0.32-7.34.1
tomcat6-webapps-6.0.32-7.34.1


References:

http://support.novell.com/security/cve/CVE-2009-2693.html
http://support.novell.com/security/cve/CVE-2009-2901.html
http://support.novell.com/security/cve/CVE-2009-2902.html
http://support.novell.com/security/cve/CVE-2012-2733.html
http://support.novell.com/security/cve/CVE-2012-3546.html
http://support.novell.com/security/cve/CVE-2012-4431.html
http://support.novell.com/security/cve/CVE-2012-5568.html
http://support.novell.com/security/cve/CVE-2012-5885.html
http://support.novell.com/security/cve/CVE-2012-5886.html
http://support.novell.com/security/cve/CVE-2012-5887.html
https://bugzilla.novell.com/789406
https://bugzilla.novell.com/791423
https://bugzilla.novell.com/791424
https://bugzilla.novell.com/791426
https://bugzilla.novell.com/791679
https://bugzilla.novell.com/793391
https://bugzilla.novell.com/793394

