Zum Inhalt springen.
Sympa Menü

it-securitynotifies - [IT-SecNots] [SECURITY] [DSA 4835-1] tomcat9 security update

it-securitynotifies AT lists.piratenpartei.de

Betreff: Sicherheitsankündigungen

Listenarchiv

[IT-SecNots] [SECURITY] [DSA 4835-1] tomcat9 security update


Chronologisch Thread 
    < Chronologisch >      < Thread >
  • From: Moritz Muehlenhoff <jmm AT debian.org>
  • To: debian-security-announce AT lists.debian.org
  • Subject: [IT-SecNots] [SECURITY] [DSA 4835-1] tomcat9 security update
  • Date: Fri, 22 Jan 2021 18:48:45 +0000
  • List-archive: https://lists.debian.org/msgid-search/20210122184845.GB909 AT seger.debian.org
  • List-id: <debian-security-announce.lists.debian.org>
  • List-url: <http://lists.debian.org/debian-security-announce/>
  • Old-dkim-signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=debian.org; s=smtpauto.seger; h=Content-Type:MIME-Version:Message-ID:Subject:To:From: Date:Reply-To:Cc:Content-Transfer-Encoding:Content-ID:Content-Description: In-Reply-To:References; bh=xz81OfXDJUL3CIXtCNnW0PhkFe4cLA/31K6mJO54z8A=; b=ka dk3vo/Jwmh7+phc/9TyuaiqF0oLiyA6TR04BYM9VP+ZhzGFHPxYzy2Nfo+ILEcm34PYpI/mspVXBp hLR58183/bt/QEgJVcWH/qzSx1dnmb1QzqzZNoFzm0Dftr+CXh9oZRUudoVrfzGRjisf6LclzFkla L3goMrP8KRMQgCF1vmQ23VpxaEh6hp4j4jOCkRrDuNBqIE6SAjhv5UpsXxxz4Ztspy/sGXhOb1U+T 14UPFg5XJrmwDrlWlr17ePNQo4ilngG3s1ImBN9taIkGSiegD9tSSooAcj7H5ypw06FIHNr2V+miu 6SaGdONiXlQYKIJDSCLs7Puh6I1nDsKg==;
  • Old-return-path: <jmm AT seger.debian.org>
  • Priority: urgent
  • Resent-date: Fri, 22 Jan 2021 18:49:04 +0000 (UTC)
  • Resent-from: debian-security-announce AT lists.debian.org
  • Resent-message-id: <f96O9mVUFdP.A.tNG.g4xCgB@bendel>
  • Resent-sender: debian-security-announce-request AT lists.debian.org
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian Security Advisory DSA-4835-1 security AT debian.org
https://www.debian.org/security/ Moritz Muehlenhoff
January 22, 2021 https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package : tomcat9
CVE ID : CVE-2020-13943 CVE-2020-17527

Two vulnerabilities were discovered in the Tomcat servlet and JSP
engine, which could result in information disclosure.

For the stable distribution (buster), these problems have been fixed in
version 9.0.31-1~deb10u3.

We recommend that you upgrade your tomcat9 packages.

For the detailed security status of tomcat9 please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/tomcat9

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: debian-security-announce AT lists.debian.org
-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAmALHM4ACgkQEMKTtsN8
TjbyVhAAsRMdG5035DP9mdfaw5st0w7DBICe6XmZJyM3aHGZCVpH0zXaPEVcI/xn
oGiTZTPFiBbS3VpaUSREzCIolNov/wVm9Izly+HYHufVnNRTnd7H9DRL5h72jcjL
SiyPNLKtN9xlm/2rzOwyAnNrqw/CSzr4jSsJ0Q25cHuwlJzIOap2uBFx6yELgktK
EyfN9yPgQXVa46DVPnOWDocO/DjRbILfP3QRHZ9yITNtxfde/KUOi5kpznWDiYV9
FD4CUN/0/PKS8391oa7upMOaYQSnyi/l70kKlQle03f0/5zMMs13TU7kttyYJ+2L
qWQaWcnCDC+CxmvLZYkOEbp+hspJpSkJev3pMCeoPzEGzVPP7ELI92niq4XBZAvv
Q09tmQ2XjDw6T78oSGk+iaWWKyxjvIlFOvGPANR1yXp78p7abegJvDDXcFRCEQc/
OCMf8FUjIOCkXjEZNugbEyhD0W/jScqi22d7oPMaslmBBbnd/XGJvfMRS2VXQkBk
yzMdqfgEwLMzKMcHw3ZzhKaw1zARbJ4r3imohUc+nrw+0r+tOdqxT3geRTMFgXLI
rOMxlbSYTSJFb90uVIH73NsERbjr1BqufK2zG2hbnmFA5KG3Tq+kuEwkCxVYdc5C
JBy5onP64pXnlZZKQfDZ7rc5n5BCAceVaJebBLW1oEXlA8ivooU=
=AUbU
-----END PGP SIGNATURE-----


  • [IT-SecNots] [SECURITY] [DSA 4835-1] tomcat9 security update, Moritz Muehlenhoff, 22.01.2021

Archiv bereitgestellt durch MHonArc 2.6.24.

Seitenanfang