Synopsis:          Moderate: tomcat6 security and bug fix update
Advisory ID:       SLSA-2015:0991-1
Issue Date:        2015-05-12
CVE Numbers:       CVE-2014-0227
--

It was discovered that the ChunkedInputFilter in Tomcat did not fail
subsequent attempts to read input after malformed chunked encoding was
detected. A remote attacker could possibly use this flaw to make Tomcat
process part of the request body as a new request, or cause a denial of
service. (CVE-2014-0227)
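
The behaviour the fix restores, shown as an added Python illustration (not Tomcat's code and not part of this advisory): a chunked-body reader that latches its first framing error, so every later read fails instead of parsing the bytes that follow. The class and function names, the 64-byte line cap and the sample body are assumptions made for this example.

```python
import io

HEX_DIGITS = b"0123456789abcdefABCDEF"

class ChunkedDecodeError(IOError): pass

class StrictChunkedReader:
    def __init__(self, stream):
        self._stream, self._failed, self._done = stream, False, False

    def read_chunk(self):
        if self._failed:  # latch: after a framing error, never read the stream again
            raise ChunkedDecodeError("earlier chunked-encoding error")
        try:
            return b"" if self._done else self._next_chunk()
        except ChunkedDecodeError:
            self._failed = True
            raise

    def _line(self):
        line = self._stream.readline(64)  # 64-byte cap is an assumed limit
        if not line.endswith(b"\r\n"):
            raise ChunkedDecodeError("line not terminated by CRLF")
        return line[:-2]

    def _next_chunk(self):
        size_field = self._line().split(b";", 1)[0]  # drop chunk extensions
        if not size_field or any(c not in HEX_DIGITS for c in size_field):
            raise ChunkedDecodeError("invalid chunk size")
        size = int(size_field, 16)
        if size == 0:
            while self._line():  # skip trailer fields up to the blank line
                pass
            self._done = True
            return b""
        data = self._stream.read(size)
        if len(data) != size or self._stream.read(2) != b"\r\n":
            raise ChunkedDecodeError("chunk truncated or missing CRLF")
        return data

def demo():
    # Constructed sample: valid chunk, malformed size line, then well-formed bytes.
    stream = io.BytesIO(b"5\r\nhello\r\nZZ\r\n5\r\nworld\r\n0\r\n\r\n")
    reader, out = StrictChunkedReader(stream), []
    for _ in range(3):
        try:
            out.append(reader.read_chunk())
        except ChunkedDecodeError as exc:
            out.append(str(exc))
    return out, stream.tell()
```

The third call fails without consuming anything: the stream offset stays where the malformed size line ended, so the well-formed bytes after it are never interpreted.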

This update also fixes the following bug:

* Before this update, the tomcat6 init script did not try to kill the
tomcat process if an attempt to stop it was unsuccessful, which would
prevent tomcat from restarting properly. The init script was modified to
correct this issue.

Tomcat must be restarted for this update to take effect.
--

SL6
  x86_64
    tomcat6-admin-webapps-6.0.24-83.el6_6.x86_64.rpm
    tomcat6-javadoc-6.0.24-83.el6_6.x86_64.rpm
    tomcat6-jsp-2.1-api-6.0.24-83.el6_6.x86_64.rpm
    tomcat6-el-2.1-api-6.0.24-83.el6_6.x86_64.rpm
    tomcat6-docs-webapp-6.0.24-83.el6_6.x86_64.rpm
    tomcat6-servlet-2.5-api-6.0.24-83.el6_6.x86_64.rpm
    tomcat6-6.0.24-83.el6_6.x86_64.rpm
    tomcat6-webapps-6.0.24-83.el6_6.x86_64.rpm
    tomcat6-lib-6.0.24-83.el6_6.x86_64.rpm
    tomcat6-debuginfo-6.0.24-83.el6_6.x86_64.rpm
  i386
    tomcat6-servlet-2.5-api-6.0.24-83.el6_6.i686.rpm
    tomcat6-jsp-2.1-api-6.0.24-83.el6_6.i686.rpm
    tomcat6-javadoc-6.0.24-83.el6_6.i686.rpm
    tomcat6-docs-webapp-6.0.24-83.el6_6.i686.rpm
    tomcat6-admin-webapps-6.0.24-83.el6_6.i686.rpm
    tomcat6-el-2.1-api-6.0.24-83.el6_6.i686.rpm
    tomcat6-lib-6.0.24-83.el6_6.i686.rpm
    tomcat6-webapps-6.0.24-83.el6_6.i686.rpm
    tomcat6-6.0.24-83.el6_6.i686.rpm
    tomcat6-debuginfo-6.0.24-83.el6_6.i686.rpm
  srpm
    tomcat6-6.0.24-83.el6_6.src.rpm
  noarch
    tomcat6-debuginfo-6.0.24-83.el6_6.x86_64.rpm
    tomcat6-debuginfo-6.0.24-83.el6_6.i686.rpm

- Scientific Linux Development Team