it-securitynotifies AT lists.piratenpartei.de

Betreff: Sicherheitsankündigungen

Listenarchiv

[IT-SecNots] [SECURITY] [DSA 4952-1] tomcat9 security update

From: Moritz Muehlenhoff <jmm AT debian.org>
To: debian-security-announce AT lists.debian.org
Subject: [IT-SecNots] [SECURITY] [DSA 4952-1] tomcat9 security update
Date: Mon, 9 Aug 2021 21:06:14 +0000
Authentication-results: mail02.piratenpartei.de; dkim=none; spf=none (mail02.piratenpartei.de: domain of "bounce-debian-security-announce=it-securitynotifies=lists.piratenpartei.de AT lists.debian.org" has no SPF policy when checking 82.195.75.100) smtp.mailfrom="bounce-debian-security-announce=it-securitynotifies=lists.piratenpartei.de AT lists.debian.org"; dmarc=none
List-archive: https://lists.debian.org/msgid-search/20210809210614.GA27586 AT seger.debian.org
List-id: <debian-security-announce.lists.debian.org>
List-url: <http://lists.debian.org/debian-security-announce/>
Old-dkim-signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=debian.org; s=smtpauto.seger; h=Content-Type:MIME-Version:Message-ID:Subject:To:From: Date:Reply-To:Cc:Content-Transfer-Encoding:Content-ID:Content-Description: In-Reply-To:References; bh=/5PAiIyQX0+uHMz84ompOpGndAbwC2b9DT2pQHWBEKA=; b=nC Zdxu5TTGhl9AnIO8gipyaalRMoE7cllU0eXp/ixkSIElc671uVLOwXsQl4o005c8dAHuN28aGOq0W a2cJ0SCev3rsBIegqv5LJ7fZNk4WG90CinMqqhTzZek8MrcA7ZLMIIdhfmDChk1vFniHIzGTXexsq vTiF75ip2JOExJ5dj6qxvJ7K71qokaZhlbxsqxI6usmDyC2jTSX16UQAGsf/iCA3mItw6i3ANrX9K rPqWoNtmP1TijgEGGlESSfvUkwEPNNON7FnHFteGVGRr9I2d/l3Az6kExKQgDqsOL4B/+lTGUbDHx 1m9yE4wS8UZ/g5ly5v8644mmN4A51DPw==;
Old-return-path: <jmm AT seger.debian.org>
Priority: urgent
Resent-date: Mon, 9 Aug 2021 21:06:31 +0000 (UTC)
Resent-from: debian-security-announce AT lists.debian.org
Resent-message-id: <cb4gsjB6HzC.A.lsD.WjZEhB@bendel>
Resent-sender: debian-security-announce-request AT lists.debian.org

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian Security Advisory DSA-4952-1 security AT debian.org
https://www.debian.org/security/ Moritz Muehlenhoff
August 09, 2021 https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package : tomcat9
CVE ID : CVE-2021-30640 CVE-2021-33037
Debian Bug : 991046

Two vulnerabilities were discovered in the Tomcat servlet and JSP engine,
which could result in HTTP request smuggling, bypass of logout
restrictions or authentications using variations of a valid user name.

For the stable distribution (buster), these problems have been fixed in
version 9.0.31-1~deb10u5.

We recommend that you upgrade your tomcat9 packages.

For the detailed security status of tomcat9 please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/tomcat9

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: debian-security-announce AT lists.debian.org
-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAmERmLEACgkQEMKTtsN8
TjZeMw/9Em+a8hxIgfV6m8svrekc9scclTwKifFNjMU8JPwRHiK/jP7jpz8mwO4W
AiEe+TaIiEhlqjg41G2b7P/2cxJlB2Uetf16dvajv9kZA4MjMVDTXiDKvuqo5uVg
zT7lkwU6jaMDGUd/unZZTwk8jh4imrF11fLCL6bQciwBdDAuiMDiioW526XwK/5u
oUfdu1SJphXNQSkq/d6R7eTOurryFxYrrBswUUsYF5Dk4NhtNuR6pLsRmLVo3sO1
490C/MxLuL/vDMY/5ycqUcBu9JQ4hOADDUClUFcx4/U9soMCTbxsc4OGVlqJAK4W
+IeVNO6Y+miHkQCoeqP3deq+ZCwiHaaPR4Y+pZHmGaSvnG7akG8ZJATZWUB/YdU4
DnNlGxgaIIqxHSZcht9ExSTufwjNiYGCQeuBPVhOsh+DDk4l1m1JJN+5nUwB9/id
SRV3ZmlRLwJu0YcZPdtogrgmfUgpI3rr+M0t+nERDo3gJ5qQIT2shCNjQaNSEcx8
ko/6aELWC546FlncPCjEpCNDGqsEn7BYOzf18JRqlD1/NPYM+eBa1grXqBdYj9oa
Fyl69bY8YU7V8l/aEDvrPDMDStvIvaK2MFtdPvpUQRvU71iuY37CtM5AaaGyOl95
zyNSHUvLzXNOpEWUMTgNKTmTmbRTkCSW71GCgRaVuLthzHN2Bic=
=WmYc
-----END PGP SIGNATURE-----

[IT-SecNots] [SECURITY] [DSA 4952-1] tomcat9 security update, Moritz Muehlenhoff, 09.08.2021

Archiv bereitgestellt durch MHonArc 2.6.24.