Date: Thu, 10 Mar 2011 13:20:57 -0600
Synopsis: Important: tomcat6 security and bug fix update
Issue date: 2011-03-09
CVE Names: CVE-2010-4476 CVE-2011-0534

A denial of service flaw was found in the way certain strings were
converted to Double objects. A remote attacker could use this flaw to
cause Tomcat to hang via a specially-crafted HTTP request. (CVE-2010-4476)

A flaw was found in the Tomcat NIO (Non-Blocking I/O) connector. A
remote attacker could use this flaw to cause a denial of service
(out-of-memory condition) via a specially-crafted request containing a
large NIO buffer size request value. (CVE-2011-0534)

This update also fixes the following bug:

* A bug in the "tomcat6" init script prevented additional Tomcat
instances from starting. As well, running "service tomcat6 start" caused
configuration options applied from "/etc/sysconfig/tomcat6" to be
overwritten with those from "/etc/tomcat6/tomcat6.conf". With this
update, multiple instances of Tomcat run as expected. (BZ#676922)

Tomcat must be restarted for this update to take effect.

SL 6.x
SRPMS:
tomcat6-6.0.24-24.el6_0.src.rpm
i386:
tomcat6-6.0.24-24.el6_0.noarch.rpm
tomcat6-admin-webapps-6.0.24-24.el6_0.noarch.rpm
tomcat6-docs-webapp-6.0.24-24.el6_0.noarch.rpm
tomcat6-el-2.1-api-6.0.24-24.el6_0.noarch.rpm
tomcat6-javadoc-6.0.24-24.el6_0.noarch.rpm
tomcat6-jsp-2.1-api-6.0.24-24.el6_0.noarch.rpm
tomcat6-lib-6.0.24-24.el6_0.noarch.rpm
tomcat6-log4j-6.0.24-24.el6_0.noarch.rpm
tomcat6-servlet-2.5-api-6.0.24-24.el6_0.noarch.rpm
tomcat6-webapps-6.0.24-24.el6_0.noarch.rpm
x86_64:
tomcat6-6.0.24-24.el6_0.noarch.rpm
tomcat6-admin-webapps-6.0.24-24.el6_0.noarch.rpm
tomcat6-docs-webapp-6.0.24-24.el6_0.noarch.rpm
tomcat6-el-2.1-api-6.0.24-24.el6_0.noarch.rpm
tomcat6-javadoc-6.0.24-24.el6_0.noarch.rpm
tomcat6-jsp-2.1-api-6.0.24-24.el6_0.noarch.rpm
tomcat6-lib-6.0.24-24.el6_0.noarch.rpm
tomcat6-log4j-6.0.24-24.el6_0.noarch.rpm
tomcat6-servlet-2.5-api-6.0.24-24.el6_0.noarch.rpm
tomcat6-webapps-6.0.24-24.el6_0.noarch.rpm
-Connie Sieh
-Troy Dawson