Synopsis:          Moderate: tomcat6 security and bug fix update
Advisory ID:       SLSA-2016:0492-1
Issue Date:        2016-03-23
CVE Numbers:       CVE-2014-7810
--

It was found that the expression language resolver evaluated expressions
within a privileged code section. A malicious web application could use
this flaw to bypass security manager protections. (CVE-2014-7810)

This update also fixes the following bug:

* Previously, using a New I/O (NIO) connector in the Apache Tomcat 6
servlet resulted in a large memory leak. An upstream patch has been
applied to fix this bug, and the memory leak no longer occurs.

Tomcat must be restarted for this update to take effect.
--

SL6
  x86_64
    tomcat6-6.0.24-94.el6_7.x86_64.rpm
    tomcat6-admin-webapps-6.0.24-94.el6_7.x86_64.rpm
    tomcat6-debuginfo-6.0.24-94.el6_7.x86_64.rpm
    tomcat6-docs-webapp-6.0.24-94.el6_7.x86_64.rpm
    tomcat6-el-2.1-api-6.0.24-94.el6_7.x86_64.rpm
    tomcat6-javadoc-6.0.24-94.el6_7.x86_64.rpm
    tomcat6-jsp-2.1-api-6.0.24-94.el6_7.x86_64.rpm
    tomcat6-lib-6.0.24-94.el6_7.x86_64.rpm
    tomcat6-servlet-2.5-api-6.0.24-94.el6_7.x86_64.rpm
    tomcat6-webapps-6.0.24-94.el6_7.x86_64.rpm
  i386
    tomcat6-6.0.24-94.el6_7.i686.rpm
    tomcat6-admin-webapps-6.0.24-94.el6_7.i686.rpm
    tomcat6-debuginfo-6.0.24-94.el6_7.i686.rpm
    tomcat6-docs-webapp-6.0.24-94.el6_7.i686.rpm
    tomcat6-el-2.1-api-6.0.24-94.el6_7.i686.rpm
    tomcat6-javadoc-6.0.24-94.el6_7.i686.rpm
    tomcat6-jsp-2.1-api-6.0.24-94.el6_7.i686.rpm
    tomcat6-lib-6.0.24-94.el6_7.i686.rpm
    tomcat6-servlet-2.5-api-6.0.24-94.el6_7.i686.rpm
    tomcat6-webapps-6.0.24-94.el6_7.i686.rpm

- Scientific Linux Development Team