it-securitynotifies AT lists.piratenpartei.de
Betreff: Sicherheitsankündigungen
Listenarchiv
- From: Markus Koschany <apo AT debian.org>
- To: debian-security-announce AT lists.debian.org
- Subject: [IT-SecNots] [SECURITY] [DSA 5522-3] tomcat9 regression update
- Date: Mon, 16 Oct 2023 21:36:38 +0000
- Authentication-results: mail.piratenpartei.de; dkim=none; spf=none (mail.piratenpartei.de: domain of "bounce-debian-security-announce=it-securitynotifies=lists.piratenpartei.de AT lists.debian.org" has no SPF policy when checking 82.195.75.100) smtp.mailfrom="bounce-debian-security-announce=it-securitynotifies=lists.piratenpartei.de AT lists.debian.org"; dmarc=none
- List-archive: https://lists.debian.org/msgid-search/ZS2s5rAy338joZy4 AT seger.debian.org
- List-id: <debian-security-announce.lists.debian.org>
- List-url: <http://lists.debian.org/debian-security-announce/>
- Old-dkim-signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=debian.org; s=smtpauto.seger; h=Content-Type:MIME-Version:Message-ID:Subject:To:From:Date :Reply-To:Cc:Content-Transfer-Encoding:Content-ID:Content-Description: In-Reply-To:References; bh=73cNsdpdwWUPMbeZtwdtn1irLjFm+1CWN3FQSSS7y/w=; b=bt JFLNeYXpkCw1c6Eidm2EPltXaQzvsGgmdivwxsMHcQPaSBNKzqv6Ee55bXE6VJ8zuGZxCzNwjarf0 8cfL6fz3uCORzkgn4MA9PlOkni4+XUUHqs42HlqO8iGilo6PNiyQvt7TiURXmLmjp3bNnXdit4eO4 zzCk9UhvSlHcbHbCeIX2GGfkgcGh8kB4/1PWk5byeF3m/jiBOutJneC+vWHcuo9YKautXRzR41Msg mEPgNcOuIEFMa4qkzXhvZ8MC0Hz95g2UG1reiWO8nS5vNLGd/PBxBwleaERqlXcpQBlkXuSbPIHL9 +k1l+ozpdebH846HKXGOi3h1T2pl4Wgg==;
- Old-return-path: <apo AT seger.debian.org>
- Priority: urgent
- Resent-date: Mon, 16 Oct 2023 21:54:15 +0000 (UTC)
- Resent-from: debian-security-announce AT lists.debian.org
- Resent-message-id: <6AmPg2ZwEhC.A.56C.GEbLlB@bendel>
- Resent-sender: debian-security-announce-request AT lists.debian.org
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
- -------------------------------------------------------------------------
Debian Security Advisory DSA-5522-3 security AT debian.org
https://www.debian.org/security/ Markus Koschany
October 16, 2023 https://www.debian.org/security/faq
- -------------------------------------------------------------------------
Package : tomcat9
CVE ID : CVE-2023-44487
A regression was discovered in the Http2UpgradeHandler class of Tomcat 9
introduced by the patch to fix CVE-2023-44487 (Rapid Reset Attack). A wrong
value for the overheadcount variable forced HTTP2 connections to close early.
For the oldstable distribution (bullseye), this problem has been fixed
in version 9.0.43-2~deb11u9.
We recommend that you upgrade your tomcat9 packages.
For the detailed security status of tomcat9 please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/tomcat9
Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/
Mailing list: debian-security-announce AT lists.debian.org
-----BEGIN PGP SIGNATURE-----
iQKTBAEBCgB9FiEErPPQiO8y7e9qGoNf2a0UuVE7UeQFAmUtrGRfFIAAAAAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEFD
RjNEMDg4RUYzMkVERUY2QTFBODM1RkQ5QUQxNEI5NTEzQjUxRTQACgkQ2a0UuVE7
UeRklBAAg7AmsDgaOQ6E4PR41JewkEIlV/n/jfqEkhHXRxG9zG4yijcszgTcF3Ii
rf3lBgytAMlSD7dRyy9HG6tRpgMTaajEgeAZdeL01mQf0JnJMg3WPZbkDV9kgyzy
TMhKjMwaSi65nuBETud5OTZIVsnpaonWsQsTxjaIrbdGnQFJrr13cRVKrY8aT5Ur
AxtxTFL8FGQxU+RgTehV5KMbtCY9kZhemwyQ6LRk1UstWhype8/ydK7UCaQEJ777
zyl7ioGvv15GmZMMJCZ1zH0Z6FXlhbVDLCcVshJN3/ddlVTC9Xx10lCEx/hZY29x
b6Stq/YMayZMoKQY2V3JeQbM3OMCPalpcPU+/WbhuX9eZuWHapnlyTwgsjQOVLNc
prPfuUAAGCmNFuPMqN//EtmSQV5SP+dqJrwcGMxWDmuagB4qD9nbwtr1zNb5QJpK
rK24yHlY3Pmu1yegPIeZIJxuFMc5N5cIDj7BfKY51nnV5kbHRshSacBmbm4Sxvfv
lqEPeqZKogGIAXvmPSeC1gCoL0l98rKVOq3bc8+9z2TgB7W/vB60/IyM1pR8svPu
+ShPWFh+tkWvt4PjgZ+qThM+xGkcMX12lhRDmFhs4rE8IQIDChiZWBMReggtw6Ii
ETuYDmr5EAd5u5ymMyQmououeNKwRDi4AbGRPV7JddIVkcbUxgk=
=ENCN
-----END PGP SIGNATURE-----
- [IT-SecNots] [SECURITY] [DSA 5522-3] tomcat9 regression update, Markus Koschany, 16.10.2023
Archiv bereitgestellt durch MHonArc 2.6.24.