SUSE-SU-2013:1374-1: moderate: Security update for tomcat6
sle-security-updates at lists.suse.com
Thu Aug 22 20:04:13 MDT 2013
SUSE Security Update: Security update for tomcat6
______________________________________________________________________________
Announcement ID: SUSE-SU-2013:1374-1
Rating: moderate
References: #768772 #804992 #818948 #822177 #831119
Cross-References: CVE-2012-0022 CVE-2012-3544 CVE-2013-1976
Affected Products:
SUSE Manager 1.2 for SLE 11 SP1
SUSE Linux Enterprise Server 11 SP3 for VMware
SUSE Linux Enterprise Server 11 SP3
SUSE Linux Enterprise Server 11 SP2 for VMware
SUSE Linux Enterprise Server 11 SP2
______________________________________________________________________________
An update that solves three vulnerabilities and has two
fixes is now available.
Description:
This update of tomcat6 fixes:
* apache-tomcat-CVE-2012-3544.patch (bnc#831119)
* use chown --no-dereference to prevent symlink attacks on log
(bnc#822177#c7/prevents CVE-2013-1976)
* Fix tomcat init scripts generating malformed classpath
( http://youtrack.jetbrains.com/issue/JT-18545 ) bnc#804992
(patch from m407)
* fix a typo in initscript (bnc#768772)
* copy all shell scripts (bnc#818948)
Security Issue references:
* CVE-2012-3544
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3544>
* CVE-2013-1976
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1976>
* CVE-2012-0022
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0022>
Patch Instructions:
To install this SUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:
- SUSE Manager 1.2 for SLE 11 SP1:
zypper in -t patch sleman12sp1-tomcat6-8154
- SUSE Linux Enterprise Server 11 SP3 for VMware:
zypper in -t patch slessp3-tomcat6-8156
- SUSE Linux Enterprise Server 11 SP3:
zypper in -t patch slessp3-tomcat6-8156
- SUSE Linux Enterprise Server 11 SP2 for VMware:
zypper in -t patch slessp2-tomcat6-8155
- SUSE Linux Enterprise Server 11 SP2:
zypper in -t patch slessp2-tomcat6-8155
To bring your system up-to-date, use "zypper patch".
Package List:
- SUSE Manager 1.2 for SLE 11 SP1 (noarch):
tomcat6-6.0.18-20.35.42.1
tomcat6-jsp-2_1-api-6.0.18-20.35.42.1
tomcat6-lib-6.0.18-20.35.42.1
tomcat6-servlet-2_5-api-6.0.18-20.35.42.1
- SUSE Linux Enterprise Server 11 SP3 for VMware (noarch):
tomcat6-6.0.18-20.35.42.1
tomcat6-admin-webapps-6.0.18-20.35.42.1
tomcat6-docs-webapp-6.0.18-20.35.42.1
tomcat6-javadoc-6.0.18-20.35.42.1
tomcat6-jsp-2_1-api-6.0.18-20.35.42.1
tomcat6-lib-6.0.18-20.35.42.1
tomcat6-servlet-2_5-api-6.0.18-20.35.42.1
tomcat6-webapps-6.0.18-20.35.42.1
- SUSE Linux Enterprise Server 11 SP3 (noarch):
tomcat6-6.0.18-20.35.42.1
tomcat6-admin-webapps-6.0.18-20.35.42.1
tomcat6-docs-webapp-6.0.18-20.35.42.1
tomcat6-javadoc-6.0.18-20.35.42.1
tomcat6-jsp-2_1-api-6.0.18-20.35.42.1
tomcat6-lib-6.0.18-20.35.42.1
tomcat6-servlet-2_5-api-6.0.18-20.35.42.1
tomcat6-webapps-6.0.18-20.35.42.1
- SUSE Linux Enterprise Server 11 SP2 for VMware (noarch):
tomcat6-6.0.18-20.35.42.1
tomcat6-admin-webapps-6.0.18-20.35.42.1
tomcat6-docs-webapp-6.0.18-20.35.42.1
tomcat6-javadoc-6.0.18-20.35.42.1
tomcat6-jsp-2_1-api-6.0.18-20.35.42.1
tomcat6-lib-6.0.18-20.35.42.1
tomcat6-servlet-2_5-api-6.0.18-20.35.42.1
tomcat6-webapps-6.0.18-20.35.42.1
- SUSE Linux Enterprise Server 11 SP2 (noarch):
tomcat6-6.0.18-20.35.42.1
tomcat6-admin-webapps-6.0.18-20.35.42.1
tomcat6-docs-webapp-6.0.18-20.35.42.1
tomcat6-javadoc-6.0.18-20.35.42.1
tomcat6-jsp-2_1-api-6.0.18-20.35.42.1
tomcat6-lib-6.0.18-20.35.42.1
tomcat6-servlet-2_5-api-6.0.18-20.35.42.1
tomcat6-webapps-6.0.18-20.35.42.1
References:
http://support.novell.com/security/cve/CVE-2012-0022.html
http://support.novell.com/security/cve/CVE-2012-3544.html
http://support.novell.com/security/cve/CVE-2013-1976.html
https://bugzilla.novell.com/768772
https://bugzilla.novell.com/804992
https://bugzilla.novell.com/818948
https://bugzilla.novell.com/822177
https://bugzilla.novell.com/831119
http://download.novell.com/patch/finder/?keywords=12b24e7d9af803f495821f7913c74791
http://download.novell.com/patch/finder/?keywords=a5246128c8e50844e60161cb307cf899
http://download.novell.com/patch/finder/?keywords=ba897d3a71e20b3c4589c544b8b8a1f2