Security update for tomcat6
SUSE Security Update: Security update for tomcat6
Announcement ID: SUSE-SU-2013:1374-1
Rating: moderate
References: #768772 #804992 #818948 #822177 #831119
Affected Products:
An update that solves three vulnerabilities and has two fixes is now available.
Description:
This update of tomcat6 fixes:
* apache-tomcat-CVE-2012-3544.patch (bnc#831119)
* use chown --no-dereference to prevent symlink attacks on log (bnc#822177#c7/prevents CVE-2013-1976)
* Fix tomcat init scripts generating malformed classpath ( http://youtrack.jetbrains.com/issue/JT-18545 ) bnc#804992 (patch from m407)
* fix a typo in initscript (bnc#768772)
* copy all shell scripts (bnc#818948)
Security Issue references:
* CVE-2012-3544
* CVE-2013-1976
* CVE-2012-0022
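The `chown --no-dereference` item above, as an added shell example (not the init script shipped in the tomcat6 package): plain `chown` resolves a symlink and changes the file it points to, while `-h` / `--no-dereference` changes only the link itself. The function names `chown_log` and `list_symlinked_logs` are hypothetical.

```shell
#!/bin/sh
# Added example, not SUSE's init script. Function names are hypothetical
# and any files passed in are supplied by the caller.

# chown_log OWNER PATH
# Set ownership on a log file without following a symlink at PATH.
# With -h (short for --no-dereference) only the link itself is changed,
# so a link planted in a log directory cannot redirect the ownership
# change to another file.
chown_log() {
    owner=$1
    path=$2
    if [ -L "$path" ]; then
        # Informational only: a link could still appear between this check
        # and the chown call, which is why -h is passed unconditionally.
        echo "warning: $path is a symlink to $(readlink "$path")" >&2
    fi
    chown -h "$owner" "$path"
}

# list_symlinked_logs DIR
# Print every symlink directly inside DIR so it can be reviewed before a
# privileged script touches the directory. Prints nothing when DIR is clean.
list_symlinked_logs() {
    find "$1" -maxdepth 1 -type l
}
```

A dangling link makes the difference visible without root: plain `chown` fails because it cannot resolve the target, while `chown_log` succeeds because it acts on the link.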
Patch Instructions:
To install this SUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:
- SUSE Manager 1.2 for SLE 11 SP1:
    zypper in -t patch sleman12sp1-tomcat6-8154
- SUSE Linux Enterprise Server 11 SP3 for VMware:
    zypper in -t patch slessp3-tomcat6-8156
- SUSE Linux Enterprise Server 11 SP3:
    zypper in -t patch slessp3-tomcat6-8156
- SUSE Linux Enterprise Server 11 SP2 for VMware:
    zypper in -t patch slessp2-tomcat6-8155
- SUSE Linux Enterprise Server 11 SP2:
    zypper in -t patch slessp2-tomcat6-8155
To bring your system up-to-date, use "zypper patch".
Package List:
- SUSE Manager 1.2 for SLE 11 SP1 (noarch):
  - tomcat6-6.0.18-20.35.42.1
  - tomcat6-jsp-2_1-api-6.0.18-20.35.42.1
  - tomcat6-lib-6.0.18-20.35.42.1
  - tomcat6-servlet-2_5-api-6.0.18-20.35.42.1
- SUSE Linux Enterprise Server 11 SP3 for VMware (noarch):
  - tomcat6-6.0.18-20.35.42.1
  - tomcat6-admin-webapps-6.0.18-20.35.42.1
  - tomcat6-docs-webapp-6.0.18-20.35.42.1
  - tomcat6-javadoc-6.0.18-20.35.42.1
  - tomcat6-jsp-2_1-api-6.0.18-20.35.42.1
  - tomcat6-lib-6.0.18-20.35.42.1
  - tomcat6-servlet-2_5-api-6.0.18-20.35.42.1
  - tomcat6-webapps-6.0.18-20.35.42.1
- SUSE Linux Enterprise Server 11 SP3 (noarch):
  - tomcat6-6.0.18-20.35.42.1
  - tomcat6-admin-webapps-6.0.18-20.35.42.1
  - tomcat6-docs-webapp-6.0.18-20.35.42.1
  - tomcat6-javadoc-6.0.18-20.35.42.1
  - tomcat6-jsp-2_1-api-6.0.18-20.35.42.1
  - tomcat6-lib-6.0.18-20.35.42.1
  - tomcat6-servlet-2_5-api-6.0.18-20.35.42.1
  - tomcat6-webapps-6.0.18-20.35.42.1
- SUSE Linux Enterprise Server 11 SP2 for VMware (noarch):
  - tomcat6-6.0.18-20.35.42.1
  - tomcat6-admin-webapps-6.0.18-20.35.42.1
  - tomcat6-docs-webapp-6.0.18-20.35.42.1
  - tomcat6-javadoc-6.0.18-20.35.42.1
  - tomcat6-jsp-2_1-api-6.0.18-20.35.42.1
  - tomcat6-lib-6.0.18-20.35.42.1
  - tomcat6-servlet-2_5-api-6.0.18-20.35.42.1
  - tomcat6-webapps-6.0.18-20.35.42.1
- SUSE Linux Enterprise Server 11 SP2 (noarch):
  - tomcat6-6.0.18-20.35.42.1
  - tomcat6-admin-webapps-6.0.18-20.35.42.1
  - tomcat6-docs-webapp-6.0.18-20.35.42.1
  - tomcat6-javadoc-6.0.18-20.35.42.1
  - tomcat6-jsp-2_1-api-6.0.18-20.35.42.1
  - tomcat6-lib-6.0.18-20.35.42.1
  - tomcat6-servlet-2_5-api-6.0.18-20.35.42.1
  - tomcat6-webapps-6.0.18-20.35.42.1
References:
- http://support.novell.com/security/cve/CVE-2012-0022.html
- http://support.novell.com/security/cve/CVE-2012-3544.html
- http://support.novell.com/security/cve/CVE-2013-1976.html
- https://bugzilla.novell.com/768772
- https://bugzilla.novell.com/804992
- https://bugzilla.novell.com/818948
- https://bugzilla.novell.com/822177
- https://bugzilla.novell.com/831119
- http://download.suse.com/patch/finder/?keywords=12b24e7d9af803f495821f7913c74791
- http://download.suse.com/patch/finder/?keywords=a5246128c8e50844e60161cb307cf899
- http://download.suse.com/patch/finder/?keywords=ba897d3a71e20b3c4589c544b8b8a1f2