Security update for tomcat5

SUSE Security Update: Security update for tomcat5
Announcement ID: SUSE-SU-2013:0228-1
Rating: moderate
References: #791423 #791424 #791426 #791679 #793394
Affected Products:
  • SUSE Linux Enterprise Server 10 SP4
  • SLE SDK 10 SP4

  • An update that solves one vulnerability and has four fixes is now available.

    Description:


    This update of tomcat5 fixed the following security issues:

    * CVE-2012-5885: tomcat: cnonce tracking weakness
    * CVE-2012-5887: tomcat: stale nonce weakness
    * CVE-2012-5886: tomcat: authentication caching weakness
    * CVE-2012-5568: tomcat: affected by slowloris DoS
    * CVE-2012-3546: tomcat: Bypass of security constraints

    Security Issue reference:

    * CVE-2012-5887
    >

    Package List:

    • SUSE Linux Enterprise Server 10 SP4 (noarch):
    • tomcat5-5.5.27-0.22.1
    • tomcat5-admin-webapps-5.5.27-0.22.1
    • tomcat5-webapps-5.5.27-0.22.1
    • SLE SDK 10 SP4 (noarch):
    • tomcat5-5.5.27-0.22.1
    • tomcat5-admin-webapps-5.5.27-0.22.1
    • tomcat5-webapps-5.5.27-0.22.1

    References:

    • http://support.novell.com/security/cve/CVE-2012-5887.html
    • https://bugzilla.novell.com/791423
    • https://bugzilla.novell.com/791424
    • https://bugzilla.novell.com/791426
    • https://bugzilla.novell.com/791679
    • https://bugzilla.novell.com/793394
    • http://download.suse.com/patch/finder/?keywords=cb28ebabe41577ce7048bf358c8a158f