Security update for tomcat6
SUSE Security Update: Security update for tomcat6
Tomcat has been updated to version 6.0.41, which brings security and bug
fixes.
The following security fixes have been fixed:
* CVE-2014-0096: A XXE vulnerability via user supplied XSLTs.
* CVE-2014-0099: Request smuggling via malicious content length header.
* CVE-2014-0119: A XML parser hijack by malicious web application.
Bugs fixed:
* Socket bind fails on tomcat startup when using apr (IPV6)
(bnc#881700)
* classpath for org/apache/juli/logging/LogFactory (bnc#844689)
Security Issues:
* CVE-2013-4322
* CVE-2012-3544
* CVE-2014-0099
* CVE-2014-0096
* CVE-2014-0119
| Announcement ID: | SUSE-SU-2014:1015-1 |
| Rating: | moderate |
| References: | #844689 #865746 #880346 #880347 #880348 #881700 |
| Affected Products: |
An update that solves 5 vulnerabilities and has one errata is now available. It includes two new package versions.
Description:
Tomcat has been updated to version 6.0.41, which brings security and bug
fixes.
The following security fixes have been fixed:
* CVE-2014-0096: A XXE vulnerability via user supplied XSLTs.
* CVE-2014-0099: Request smuggling via malicious content length header.
* CVE-2014-0119: A XML parser hijack by malicious web application.
Bugs fixed:
* Socket bind fails on tomcat startup when using apr (IPV6)
(bnc#881700)
* classpath for org/apache/juli/logging/LogFactory (bnc#844689)
Security Issues:
* CVE-2013-4322
* CVE-2012-3544
* CVE-2014-0099
* CVE-2014-0096
* CVE-2014-0119
Patch Instructions:
To install this SUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:
- SUSE Linux Enterprise Server 11 SP3 for VMware:
zypper in -t patch slessp3-tomcat6-201407-9487 - SUSE Linux Enterprise Server 11 SP3:
zypper in -t patch slessp3-tomcat6-201407-9487
To bring your system up-to-date, use "zypper patch".
Package List:
- SUSE Linux Enterprise Server 11 SP3 for VMware (i586 x86_64) [New Version: 1.3.3]:
- libtcnative-1-0-1.3.3-12.2.1
- SUSE Linux Enterprise Server 11 SP3 for VMware (noarch) [New Version: 6.0.41]:
- tomcat6-6.0.41-0.43.1
- tomcat6-admin-webapps-6.0.41-0.43.1
- tomcat6-docs-webapp-6.0.41-0.43.1
- tomcat6-javadoc-6.0.41-0.43.1
- tomcat6-jsp-2_1-api-6.0.41-0.43.1
- tomcat6-lib-6.0.41-0.43.1
- tomcat6-servlet-2_5-api-6.0.41-0.43.1
- tomcat6-webapps-6.0.41-0.43.1
- SUSE Linux Enterprise Server 11 SP3 (i586 ia64 ppc64 s390x x86_64) [New Version: 1.3.3]:
- libtcnative-1-0-1.3.3-12.2.1
- SUSE Linux Enterprise Server 11 SP3 (noarch) [New Version: 6.0.41]:
- tomcat6-6.0.41-0.43.1
- tomcat6-admin-webapps-6.0.41-0.43.1
- tomcat6-docs-webapp-6.0.41-0.43.1
- tomcat6-javadoc-6.0.41-0.43.1
- tomcat6-jsp-2_1-api-6.0.41-0.43.1
- tomcat6-lib-6.0.41-0.43.1
- tomcat6-servlet-2_5-api-6.0.41-0.43.1
- tomcat6-webapps-6.0.41-0.43.1
References:
- http://support.novell.com/security/cve/CVE-2012-3544.html
- http://support.novell.com/security/cve/CVE-2013-4322.html
- http://support.novell.com/security/cve/CVE-2014-0096.html
- http://support.novell.com/security/cve/CVE-2014-0099.html
- http://support.novell.com/security/cve/CVE-2014-0119.html
- https://bugzilla.novell.com/844689
- https://bugzilla.novell.com/865746
- https://bugzilla.novell.com/880346
- https://bugzilla.novell.com/880347
- https://bugzilla.novell.com/880348
- https://bugzilla.novell.com/881700
- http://download.suse.com/patch/finder/?keywords=51ab03c9eb3160df8b474d58f755825c