it-securitynotifies AT lists.piratenpartei.de
Betreff: Sicherheitsankündigungen
Listenarchiv
- From: Moritz Muehlenhoff <jmm AT debian.org>
- To: debian-security-announce AT lists.debian.org
- Subject: [IT-SecNots] [SECURITY] [DSA 4673-1] tomcat8 security update
- Date: Sun, 3 May 2020 18:29:38 +0000
- List-archive: https://lists.debian.org/msgid-search/20200503182938.GA4907 AT seger.debian.org
- List-id: <debian-security-announce.lists.debian.org>
- List-url: <http://lists.debian.org/debian-security-announce/>
- Old-return-path: <jmm AT seger.debian.org>
- Priority: urgent
- Resent-date: Sun, 3 May 2020 18:29:53 +0000 (UTC)
- Resent-from: debian-security-announce AT lists.debian.org
- Resent-message-id: <BZd9TbD2XUP.A.riE.h2wreB@bendel>
- Resent-sender: debian-security-announce-request AT lists.debian.org
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
- -------------------------------------------------------------------------
Debian Security Advisory DSA-4673-1 security AT debian.org
https://www.debian.org/security/ Moritz Muehlenhoff
May 03, 2020 https://www.debian.org/security/faq
- -------------------------------------------------------------------------
Package : tomcat8
CVE ID : CVE-2019-17569 CVE-2020-1935 CVE-2020-1938
Several vulnerabilities were discovered in the Tomcat servlet and JSP
engine, which could result in HTTP request smuggling and code execution
in the AJP connector (disabled by default in Debian).
For the oldstable distribution (stretch), these problems have been fixed
in version 8.5.54-0+deb9u1.
We recommend that you upgrade your tomcat8 packages.
For the detailed security status of tomcat8 please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/tomcat8
Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/
Mailing list: debian-security-announce AT lists.debian.org
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAl6vDOEACgkQEMKTtsN8
TjaAFRAAoAKw1AMWyaBUnxXpVwYqKvQ4CXcJxHCIAAFSQdMDLosTcKToyE3bzv13
UWZ1O7q4uMYhbyJv+bHzu4QTvWKAHAr/X8rdIe5d9FpzBGczWzAVOby4nLuXHSOj
Y83IdXtXM3DopRcqPS8dUzcoQ8U+fOcmZeIB48IAqbMW+Okum8yxjDW1fVx+hl07
oAOg8tJwdRddGq1/l1hjgsDqqN4y56rG9YNLNGHDrWI8z1iN5Wxf5mGoJjd+ebbc
gSRBxt5UYbiqE1FHVmM2EhSwoCsglYIKWYZQC1cg1WvoKDbqKpXB5TRYGWpB/FDN
5EPqEDJkiNf0+03mg+sa6ccY0bEDNJdZOiQKydopVu4Mh1BQ2oEQfBIc4eXPKCmK
0vV0Wdyfl1jQF4yo4vo7yQr4wbAJjLWJcg6pc/k4pwwZ2/wbnX/vbK+t0GpXfjnl
wPLp47H5Rg9/2xly4zbdRJxA5rS1tQ3ykLCkF5AA4kCLTwXsiFgFD5Ec3va9hw9h
VU15HO9UHDb8PUGGMTVCJzzBIdIREp3zjGI5g4TGU40BubdDaB20cmvKDrl5PFig
rco9lTz9K3ngBRgVs5gNGMCaRhcT90sWuNlMoSFeKx1GMknIMdMjuiVkMpMwdvO/
xZpvx+f3wL09FWzDBcObPxdFzLi0kA8L+refmEJ9jifzwnPWJX4=
=nZPM
-----END PGP SIGNATURE-----
- [IT-SecNots] [SECURITY] [DSA 4673-1] tomcat8 security update, Moritz Muehlenhoff, 03.05.2020
Archiv bereitgestellt durch MHonArc 2.6.19.