SUSE-SU-2014:1015-1: moderate: Security update for tomcat6

sle-security-updates at lists.suse.com
Wed Aug 13 11:04:14 MDT 2014


   SUSE Security Update: Security update for tomcat6
______________________________________________________________________________

Announcement ID:    SUSE-SU-2014:1015-1
Rating:             moderate
References:         #844689 #865746 #880346 #880347 #880348 #881700
Cross-References:   CVE-2012-3544 CVE-2013-4322 CVE-2014-0096
                    CVE-2014-0099 CVE-2014-0119
Affected Products:
                    SUSE Linux Enterprise Server 11 SP3 for VMware
                    SUSE Linux Enterprise Server 11 SP3
______________________________________________________________________________

   An update that solves 5 vulnerabilities and has one erratum
   is now available. It includes two new package versions.

Description:


   Tomcat has been updated to version 6.0.41, which brings security and bug
   fixes.

   The following security issues have been fixed:

       * CVE-2014-0096: An XXE vulnerability via user-supplied XSLTs.
       * CVE-2014-0099: Request smuggling via a malicious Content-Length
         header.
       * CVE-2014-0119: An XML parser hijack by a malicious web application.

   Bugs fixed:

       * Socket bind fails on Tomcat startup when using APR (IPv6)
         (bnc#881700)
       * classpath for org/apache/juli/logging/LogFactory (bnc#844689)

   Security Issues:

       * CVE-2013-4322
         <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4322>
       * CVE-2012-3544
         <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3544>
       * CVE-2014-0099
         <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0099>
       * CVE-2014-0096
         <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0096>
       * CVE-2014-0119
         <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0119>


Patch Instructions:

   To install this SUSE Security Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Server 11 SP3 for VMware:

      zypper in -t patch slessp3-tomcat6-201407-9487

   - SUSE Linux Enterprise Server 11 SP3:

      zypper in -t patch slessp3-tomcat6-201407-9487

   To bring your system up-to-date, use "zypper patch".


Package List:

   - SUSE Linux Enterprise Server 11 SP3 for VMware (i586 x86_64) [New Version: 1.3.3]:

      libtcnative-1-0-1.3.3-12.2.1

   - SUSE Linux Enterprise Server 11 SP3 for VMware (noarch) [New Version: 6.0.41]:

      tomcat6-6.0.41-0.43.1
      tomcat6-admin-webapps-6.0.41-0.43.1
      tomcat6-docs-webapp-6.0.41-0.43.1
      tomcat6-javadoc-6.0.41-0.43.1
      tomcat6-jsp-2_1-api-6.0.41-0.43.1
      tomcat6-lib-6.0.41-0.43.1
      tomcat6-servlet-2_5-api-6.0.41-0.43.1
      tomcat6-webapps-6.0.41-0.43.1

   - SUSE Linux Enterprise Server 11 SP3 (i586 ia64 ppc64 s390x x86_64) [New Version: 1.3.3]:

      libtcnative-1-0-1.3.3-12.2.1

   - SUSE Linux Enterprise Server 11 SP3 (noarch) [New Version: 6.0.41]:

      tomcat6-6.0.41-0.43.1
      tomcat6-admin-webapps-6.0.41-0.43.1
      tomcat6-docs-webapp-6.0.41-0.43.1
      tomcat6-javadoc-6.0.41-0.43.1
      tomcat6-jsp-2_1-api-6.0.41-0.43.1
      tomcat6-lib-6.0.41-0.43.1
      tomcat6-servlet-2_5-api-6.0.41-0.43.1
      tomcat6-webapps-6.0.41-0.43.1
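
   To confirm a host is at or above the builds listed above, the following
   check can be run. It is an added example, not part of the SUSE advisory;
   the function names and the sample inventory are constructed, and GNU
   "sort -V" is assumed as a stand-in for RPM's own version comparison.

```sh
#!/bin/sh
# Added example (not part of the SUSE advisory): compare installed builds
# with the fixed versions from the Package List above.

# Fixed version-release per package name, copied from the Package List.
fixed_floor() {
    case "$1" in
        libtcnative-1-0)   echo "1.3.3-12.2.1" ;;
        tomcat6|tomcat6-*) echo "6.0.41-0.43.1" ;;  # all tomcat6 subpackages share one build
        *) return 1 ;;                              # not covered by this advisory
    esac
}

# ver_ge A B: succeeds when A >= B. Assumption: GNU "sort -V" stands in for
# RPM's own comparison, which is adequate for these purely numeric strings.
ver_ge() {
    [ "$1" = "$2" ] && return 0
    [ "$(printf '%s\n%s\n' "$1" "$2" | sort -V | head -n 1)" = "$2" ]
}

# check_packages: reads "name version-release" lines on stdin, prints a status
# line per advisory package, and returns 1 if any is older than the fixed build.
check_packages() {
    rc=0
    while read -r name vr; do
        floor=$(fixed_floor "$name") || continue
        if ver_ge "$vr" "$floor"; then
            echo "OK       $name $vr"
        else
            echo "OUTDATED $name $vr (fixed in $floor)"
            rc=1
        fi
    done
    return "$rc"
}

# Constructed sample inventory (these installed versions are made up).
sample_inventory() {
    cat <<'EOF'
tomcat6 6.0.18-20.35.1
tomcat6-lib 6.0.41-0.43.1
libtcnative-1-0 1.3.2-12.1.1
zypper 1.6.300-1.1
EOF
}

# Demo on the sample. On a real host feed it from:
#   rpm -qa --qf '%{NAME} %{VERSION}-%{RELEASE}\n' | check_packages
sample_inventory | check_packages || true
```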


References:

   http://support.novell.com/security/cve/CVE-2012-3544.html
   http://support.novell.com/security/cve/CVE-2013-4322.html
   http://support.novell.com/security/cve/CVE-2014-0096.html
   http://support.novell.com/security/cve/CVE-2014-0099.html
   http://support.novell.com/security/cve/CVE-2014-0119.html
   https://bugzilla.novell.com/844689
   https://bugzilla.novell.com/865746
   https://bugzilla.novell.com/880346
   https://bugzilla.novell.com/880347
   https://bugzilla.novell.com/880348
   https://bugzilla.novell.com/881700
   http://download.suse.com/patch/finder/?keywords=51ab03c9eb3160df8b474d58f755825c


