SUSE-SU-2014:1015-1: moderate: Security update for tomcat6
sle-security-updates at lists.suse.com
Wed Aug 13 11:04:14 MDT 2014
SUSE Security Update: Security update for tomcat6
______________________________________________________________________________
Announcement ID: SUSE-SU-2014:1015-1
Rating: moderate
References: #844689 #865746 #880346 #880347 #880348 #881700
Cross-References: CVE-2012-3544 CVE-2013-4322 CVE-2014-0096
CVE-2014-0099 CVE-2014-0119
Affected Products:
SUSE Linux Enterprise Server 11 SP3 for VMware
SUSE Linux Enterprise Server 11 SP3
______________________________________________________________________________
An update that solves 5 vulnerabilities and has one erratum
is now available. It includes two new package versions.
Description:
Tomcat has been updated to version 6.0.41, which brings security and bug
fixes.
The following security issues have been fixed:
* CVE-2014-0096: An XXE vulnerability via user-supplied XSLTs.
* CVE-2014-0099: Request smuggling via a malicious Content-Length header.
* CVE-2014-0119: An XML parser hijack by a malicious web application.
Bugs fixed:
* Socket bind fails on Tomcat startup when using APR (IPv6)
(bnc#881700)
* classpath for org/apache/juli/logging/LogFactory (bnc#844689)
Security Issues:
* CVE-2013-4322
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4322>
* CVE-2012-3544
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3544>
* CVE-2014-0099
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0099>
* CVE-2014-0096
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0096>
* CVE-2014-0119
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0119>
Patch Instructions:
To install this SUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:
- SUSE Linux Enterprise Server 11 SP3 for VMware:
    zypper in -t patch slessp3-tomcat6-201407-9487
- SUSE Linux Enterprise Server 11 SP3:
    zypper in -t patch slessp3-tomcat6-201407-9487
To bring your system up-to-date, use "zypper patch".
Package List:
- SUSE Linux Enterprise Server 11 SP3 for VMware (i586 x86_64) [New Version: 1.3.3]:
libtcnative-1-0-1.3.3-12.2.1
- SUSE Linux Enterprise Server 11 SP3 for VMware (noarch) [New Version: 6.0.41]:
tomcat6-6.0.41-0.43.1
tomcat6-admin-webapps-6.0.41-0.43.1
tomcat6-docs-webapp-6.0.41-0.43.1
tomcat6-javadoc-6.0.41-0.43.1
tomcat6-jsp-2_1-api-6.0.41-0.43.1
tomcat6-lib-6.0.41-0.43.1
tomcat6-servlet-2_5-api-6.0.41-0.43.1
tomcat6-webapps-6.0.41-0.43.1
- SUSE Linux Enterprise Server 11 SP3 (i586 ia64 ppc64 s390x x86_64) [New Version: 1.3.3]:
libtcnative-1-0-1.3.3-12.2.1
- SUSE Linux Enterprise Server 11 SP3 (noarch) [New Version: 6.0.41]:
tomcat6-6.0.41-0.43.1
tomcat6-admin-webapps-6.0.41-0.43.1
tomcat6-docs-webapp-6.0.41-0.43.1
tomcat6-javadoc-6.0.41-0.43.1
tomcat6-jsp-2_1-api-6.0.41-0.43.1
tomcat6-lib-6.0.41-0.43.1
tomcat6-servlet-2_5-api-6.0.41-0.43.1
tomcat6-webapps-6.0.41-0.43.1
References:
http://support.novell.com/security/cve/CVE-2012-3544.html
http://support.novell.com/security/cve/CVE-2013-4322.html
http://support.novell.com/security/cve/CVE-2014-0096.html
http://support.novell.com/security/cve/CVE-2014-0099.html
http://support.novell.com/security/cve/CVE-2014-0119.html
https://bugzilla.novell.com/844689
https://bugzilla.novell.com/865746
https://bugzilla.novell.com/880346
https://bugzilla.novell.com/880347
https://bugzilla.novell.com/880348
https://bugzilla.novell.com/881700
http://download.suse.com/patch/finder/?keywords=51ab03c9eb3160df8b474d58f755825c