SCIENTIFIC-LINUX-ERRATA Archives

May 2015

SCIENTIFIC-LINUX-ERRATA@LISTSERV.FNAL.GOV

From: Pat Riehecky
Date: Wed, 13 May 2015 15:37:58 +0000

Synopsis:          Moderate: tomcat6 security and bug fix update
Advisory ID:       SLSA-2015:0991-1
Issue Date:        2015-05-12
CVE Numbers:       CVE-2014-0227
--

It was discovered that the ChunkedInputFilter in Tomcat did not fail
subsequent attempts to read input after malformed chunked encoding was
detected. A remote attacker could possibly use this flaw to make Tomcat
process part of the request body as a new request, or cause a denial of
service. (CVE-2014-0227)

This update also fixes the following bug:

* Before this update, the tomcat6 init script did not try to kill the
tomcat process if an attempt to stop it was unsuccessful, which would
prevent tomcat from restarting properly. The init script was modified to
correct this issue.

Tomcat must be restarted for this update to take effect.
--

SL6
  x86_64
    tomcat6-admin-webapps-6.0.24-83.el6_6.x86_64.rpm
    tomcat6-javadoc-6.0.24-83.el6_6.x86_64.rpm
    tomcat6-jsp-2.1-api-6.0.24-83.el6_6.x86_64.rpm
    tomcat6-el-2.1-api-6.0.24-83.el6_6.x86_64.rpm
    tomcat6-docs-webapp-6.0.24-83.el6_6.x86_64.rpm
    tomcat6-servlet-2.5-api-6.0.24-83.el6_6.x86_64.rpm
    tomcat6-6.0.24-83.el6_6.x86_64.rpm
    tomcat6-webapps-6.0.24-83.el6_6.x86_64.rpm
    tomcat6-lib-6.0.24-83.el6_6.x86_64.rpm
    tomcat6-debuginfo-6.0.24-83.el6_6.x86_64.rpm
  i386
    tomcat6-servlet-2.5-api-6.0.24-83.el6_6.i686.rpm
    tomcat6-jsp-2.1-api-6.0.24-83.el6_6.i686.rpm
    tomcat6-javadoc-6.0.24-83.el6_6.i686.rpm
    tomcat6-docs-webapp-6.0.24-83.el6_6.i686.rpm
    tomcat6-admin-webapps-6.0.24-83.el6_6.i686.rpm
    tomcat6-el-2.1-api-6.0.24-83.el6_6.i686.rpm
    tomcat6-lib-6.0.24-83.el6_6.i686.rpm
    tomcat6-webapps-6.0.24-83.el6_6.i686.rpm
    tomcat6-6.0.24-83.el6_6.i686.rpm
    tomcat6-debuginfo-6.0.24-83.el6_6.i686.rpm
  srpm
    tomcat6-6.0.24-83.el6_6.src.rpm
  noarch
    tomcat6-debuginfo-6.0.24-83.el6_6.x86_64.rpm
    tomcat6-debuginfo-6.0.24-83.el6_6.i686.rpm

- Scientific Linux Development Team
