it-securitynotifies AT lists.piratenpartei.de
Betreff: Sicherheitsankündigungen
Listenarchiv
- From: Moritz Muehlenhoff <jmm AT debian.org>
- To: debian-security-announce AT lists.debian.org
- Subject: [IT-SecNots] [SECURITY] [DSA 3670-1] tomcat8 security update
- Date: Thu, 15 Sep 2016 19:27:51 +0200
- List-archive: https://lists.debian.org/msgid-search/20160915172751.GB32051 AT pisco.westfalen.local
- List-id: <debian-security-announce.lists.debian.org>
- List-url: <http://lists.debian.org/debian-security-announce/>
- Old-return-path: <jmm AT inutil.org>
- Priority: urgent
- Resent-date: Thu, 15 Sep 2016 17:28:15 +0000 (UTC)
- Resent-from: debian-security-announce AT lists.debian.org
- Resent-message-id: <J3UJ_oJVk_F.A.9zH.vot2XB@bendel>
- Resent-sender: debian-security-announce-request AT lists.debian.org
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
- -------------------------------------------------------------------------
Debian Security Advisory DSA-3670-1 security AT debian.org
https://www.debian.org/security/ Moritz Muehlenhoff
September 15, 2016 https://www.debian.org/security/faq
- -------------------------------------------------------------------------
Package : tomcat8
CVE ID : CVE-2016-1240
Dawid Golunski of LegalHackers discovered that the Tomcat init script
performed unsafe file handling, which could result in local privilege
escalation.
For the stable distribution (jessie), this problem has been fixed in
version 8.0.14-1+deb8u3.
For the unstable distribution (sid), this problem will be fixed soon.
We recommend that you upgrade your tomcat8 packages.
Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/
Mailing list: debian-security-announce AT lists.debian.org
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
iQIcBAEBAgAGBQJX2tmhAAoJEBDCk7bDfE42U14QAJJOSC4b8vtDESjIjSWxODg5
H8CI7SkATzcDlIfPTNCxX4Gn9iAWS8uxjJP7FaUjpsBmzkB1omdzmr6SgCw9mlM0
b0sZXRGRbKDRnXzN0IwTuKI/tuV1s7c5KWfjhGTAJ1SL7foKlwaKXXQemeztouiv
yRmczPp9NlqrifyXGNIqsF47QNbGiJIM5S+N99/u1YHMO1akm4i2f5cKtfIXokU4
7tpY8UoxAqmWJ4u1p9PxmtA71vuP8gsXoN836iM/OtrY9IZlpArzF6qANhOtj85o
ynd7MiPURLutw6Xmp6ZGOpx6or8g4prmjLubsg1tekoQsFI2BJy93oxNj+Wyo7dp
4CG3XF9aM4QAv7JkuRY6vQIeOcN04h48/MPgY2VR8gykh1v+IFj2+dxTBRVeMcm8
Tu5NLwi83iHaqxxM4h49baQiCwnSimTSd9Bbji060jybWQbtSGoY0zW970z7+uP7
reUu50rI8Hl/Ie8pB13S6kzmvIrGUQpCbIjv01LMO014rYMKfQtCfD/j/8gKikrq
6ofo42Xb7D0MfiUn1xy9yAl+wwcer1yaG1MbUCerhWWRMkr0w17etkiCZcSiskeB
LuZ5a+bExkpnMr8RhErnSHTOEqvW+8djQEkN2fXEUv5pUHww55I+tcf8QfqCV6a4
BPq31eJnhbkhvROQIv8E
=Fhnw
-----END PGP SIGNATURE-----
- [IT-SecNots] [SECURITY] [DSA 3670-1] tomcat8 security update, Moritz Muehlenhoff, 15.09.2016
Archiv bereitgestellt durch MHonArc 2.6.19.