Zum Inhalt springen.
Sympa Menü

it-securitynotifies - [IT-SecNots] [SECURITY] [DSA 4357-1] libapache-mod-jk security update

it-securitynotifies AT lists.piratenpartei.de

Betreff: Sicherheitsankündigungen

Listenarchiv

[IT-SecNots] [SECURITY] [DSA 4357-1] libapache-mod-jk security update


Chronologisch Thread 
    < Chronologisch >      < Thread >
  • From: Salvatore Bonaccorso <carnil AT debian.org>
  • To: debian-security-announce AT lists.debian.org
  • Subject: [IT-SecNots] [SECURITY] [DSA 4357-1] libapache-mod-jk security update
  • Date: Thu, 20 Dec 2018 22:25:19 +0000
  • List-archive: https://lists.debian.org/msgid-search/E1ga6kp-0006aE-L1 AT seger.debian.org
  • List-id: <debian-security-announce.lists.debian.org>
  • List-url: <http://lists.debian.org/debian-security-announce/>
  • Old-return-path: <carnil AT seger.debian.org>
  • Priority: urgent
  • Resent-date: Thu, 20 Dec 2018 22:25:33 +0000 (UTC)
  • Resent-from: debian-security-announce AT lists.debian.org
  • Resent-message-id: <XtOeLNUyNkP.A.XtD.dbBHcB@bendel>
  • Resent-sender: debian-security-announce-request AT lists.debian.org
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian Security Advisory DSA-4357-1 security AT debian.org
https://www.debian.org/security/ Salvatore Bonaccorso
December 20, 2018 https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package : libapache-mod-jk
CVE ID : CVE-2018-11759

Raphael Arrouas and Jean Lejeune discovered an access control bypass
vulnerability in mod_jk, the Apache connector for the Tomcat Java
servlet engine. The vulnerability is addressed by upgrading mod_jk to
the new upstream version 1.2.46, which includes additional changes.


https://tomcat.apache.org/connectors-doc/miscellaneous/changelog.html#Changes_between_1.2.42_and_1.2.43

https://tomcat.apache.org/connectors-doc/miscellaneous/changelog.html#Changes_between_1.2.43_and_1.2.44

https://tomcat.apache.org/connectors-doc/miscellaneous/changelog.html#Changes_between_1.2.44_and_1.2.45

https://tomcat.apache.org/connectors-doc/miscellaneous/changelog.html#Changes_between_1.2.45_and_1.2.46

For the stable distribution (stretch), this problem has been fixed in
version 1:1.2.46-0+deb9u1.

We recommend that you upgrade your libapache-mod-jk packages.

For the detailed security status of libapache-mod-jk please refer to its
security tracker page at:
https://security-tracker.debian.org/tracker/libapache-mod-jk

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: debian-security-announce AT lists.debian.org
-----BEGIN PGP SIGNATURE-----

iQKTBAEBCgB9FiEERkRAmAjBceBVMd3uBUy48xNDz0QFAlwcFXJfFIAAAAAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDQ2
NDQ0MDk4MDhDMTcxRTA1NTMxRERFRTA1NENCOEYzMTM0M0NGNDQACgkQBUy48xND
z0Qu7Q/6A6UGJsGJox6vlwjOso6/n0kSUW+Q/ojIL5O3BkDgxY4SkZ0Aw3OBWuj4
b4WimxndglxjA2/Lx5NPzthA82kSSYVJWkngjlhRCIX1eqFadpHrkXVPb1pBxvQ5
/JJsArO0X01qQQPlqsjSHtWQVDlRsELwycb48B+3u7Si9LUiyg5Z2kaBSanWvYNw
zDwludKjJpvMg8XoqR1dvrycXPK5NDkfqAud22cquog8XCNpc/jDNPMFLHwXQp1H
JJgLpIIJncHB9CPbi+7rMYpNsRBnAQNEcz6LGjsWY7fkgSfJfx/P8ezYjliDY7xf
EzxFDNXj+LHs1xH/7cTkf5+EX+rjU8lonPEAxqXpsZ9OKqGZfUBUAM7dyUWoMAMI
W0EB1Hr3ysa69V5EjGMdp2djH56OcMAAYB/uHu+R0p4YrE0Ivkx5XfUglnYLa9Wa
X9+jVf5Unp4qRNuCVwaI2k9P2u60UZezYx6hjMG81nxkZLDg6CAzDcVqGYR+dS4D
Z8wY0ya6NOMwnrkhuJfTX1LONbkwgzvNh/EvAZNduy6r8x62Sff7PVtaRWf2LjXq
sjjs9IT9Tc7Ta96GcR/nXkLc+VVdefvf2hZ29BDhEWovYhnb9X4k8Wsd2e/x4NFW
uz4nNmazB9Yyj1QD3G5DN7tfIoJ+iSuqIWtJqLIiOY7/VO+scPs=
=CyjI
-----END PGP SIGNATURE-----


  • [IT-SecNots] [SECURITY] [DSA 4357-1] libapache-mod-jk security update, Salvatore Bonaccorso, 20.12.2018

Archiv bereitgestellt durch MHonArc 2.6.19.

Seitenanfang