Login
Login-Name Passwort


 
Newsletter
Werbung

Sicherheit: Mehrere Probleme in tomcat
Aktuelle Meldungen Distributionen
Name: Mehrere Probleme in tomcat
ID: MDVSA-2015:084
Distribution: Mandriva
Plattformen: Mandriva Business Server 2.0
Datum: Sa, 28. März 2015, 11:01
Referenzen: http://advisories.mageia.org/MGASA-2014-0110.html
http://advisories.mageia.org/MGASA-2014-0149.html
http://advisories.mageia.org/MGASA-2014-0268.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4322
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4590
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0050
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0075
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0096
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0099
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0119
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0227

Originalnachricht

This is a multi-part message in MIME format...

------------=_1427532686-3111-6

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

_______________________________________________________________________

Mandriva Linux Security Advisory MDVSA-2015:084
http://www.mandriva.com/en/support/security/
_______________________________________________________________________

Package : tomcat
Date : March 28, 2015
Affected: Business Server 2.0
_______________________________________________________________________

Problem Description:

Updated tomcat package fixes security vulnerabilities:

It was discovered that the Apache Commons FileUpload package for Java
could enter an infinite loop while processing a multipart request with
a crafted Content-Type, resulting in a denial-of-service condition
(CVE-2014-0050).

Apache Tomcat 7.x before 7.0.50 processes chunked transfer coding
without properly handling (1) a large total amount of chunked data or
(2) whitespace characters in an HTTP header value within a trailer
field, which allows remote attackers to cause a denial of service by
streaming data (CVE-2013-4322).

Apache Tomcat 7.x before 7.0.50 allows attackers to obtain Tomcat
internals information by leveraging the presence of an untrusted web
application with a context.xml, web.xml, *.jspx, *.tagx, or *.tld XML
document containing an external entity declaration in conjunction
with an entity reference, related to an XML External Entity (XXE)
issue (CVE-2013-4590).

Integer overflow in the parseChunkHeader function in
java/org/apache/coyote/http11/filters/ChunkedInputFilter.java in
Apache Tomcat before 6.0.40 and 7.x before 7.0.53 allows remote
attackers to cause a denial of service (resource consumption) via a
malformed chunk size in chunked transfer coding of a request during
the streaming of data (CVE-2014-0075).

java/org/apache/catalina/servlets/DefaultServlet.java in the default
servlet in Apache Tomcat before 6.0.40 and 7.x before 7.0.53 does not
properly restrict XSLT stylesheets, which allows remote attackers
to bypass security-manager restrictions and read arbitrary files
via a crafted web application that provides an XML external entity
declaration in conjunction with an entity reference, related to an
XML External Entity (XXE) issue (CVE-2014-0096).

Integer overflow in java/org/apache/tomcat/util/buf/Ascii.java in
Apache Tomcat before 6.0.40 and 7.x before 7.0.53, when operated
behind a reverse proxy, allows remote attackers to conduct HTTP
request smuggling attacks via a crafted Content-Length HTTP header
(CVE-2014-0099).

Apache Tomcat before 6.0.40 and 7.x before 7.0.54 does not properly
constrain the class loader that accesses the XML parser used with
an XSLT stylesheet, which allows remote attackers to read arbitrary
files via a crafted web application that provides an XML external
entity declaration in conjunction with an entity reference, related
to an XML External Entity (XXE) issue, or read files associated with
different web applications on a single Tomcat instance via a crafted
web application (CVE-2014-0119).

In Apache Tomcat 7.x before 7.0.55, it was possible to craft a
malformed chunk as part of a chunked request that caused Tomcat to
read part of the request body as a new request (CVE-2014-0227).
_______________________________________________________________________

References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4322
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4590
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0050
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0075
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0096
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0099
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0119
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0227
http://advisories.mageia.org/MGASA-2014-0110.html
http://advisories.mageia.org/MGASA-2014-0149.html
http://advisories.mageia.org/MGASA-2014-0268.html
_______________________________________________________________________

Updated Packages:

Mandriva Business Server 2/X86_64:
58f55f0050c7ac4eb3c31308cc62d244 mbs2/x86_64/tomcat-7.0.59-1.mbs2.noarch.rpm
9c28750a8ec902d5bde42748a14d99ab
mbs2/x86_64/tomcat-admin-webapps-7.0.59-1.mbs2.noarch.rpm
b62639d405462dc9f28fd4afe11ddd57
mbs2/x86_64/tomcat-docs-webapp-7.0.59-1.mbs2.noarch.rpm
57b85f852426d5c7e282542165d2ea6f
mbs2/x86_64/tomcat-el-2.2-api-7.0.59-1.mbs2.noarch.rpm
8410dbab11abe4f307576ecd657e427c
mbs2/x86_64/tomcat-javadoc-7.0.59-1.mbs2.noarch.rpm
aaffb8c0cd7d82c6dcb1b0ecc00dc7c8
mbs2/x86_64/tomcat-jsp-2.2-api-7.0.59-1.mbs2.noarch.rpm
538438ca90caa2eb6f49bca3bb6e0e2e
mbs2/x86_64/tomcat-jsvc-7.0.59-1.mbs2.noarch.rpm
9a2d902c3a3e24af3f2da240c42c787f
mbs2/x86_64/tomcat-lib-7.0.59-1.mbs2.noarch.rpm
af5562b305ae7fd1406a9c94c9316cb5
mbs2/x86_64/tomcat-log4j-7.0.59-1.mbs2.noarch.rpm
3349a91a1667f299641e16aed4c3aadc
mbs2/x86_64/tomcat-servlet-3.0-api-7.0.59-1.mbs2.noarch.rpm
4777adcbc177da7e1b8b158d6186141c
mbs2/x86_64/tomcat-webapps-7.0.59-1.mbs2.noarch.rpm
b832a8fcd47ae9fb696ca9424bd2a934 mbs2/SRPMS/tomcat-7.0.59-1.mbs2.src.rpm
_______________________________________________________________________

To upgrade automatically use MandrivaUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.

All packages are signed by Mandriva for security. You can obtain the
GPG public key of the Mandriva Security Team by executing:

gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

You can view other update advisories for Mandriva Linux at:

http://www.mandriva.com/en/support/security/advisories/

If you want to report vulnerabilities, please contact

security_(at)_mandriva.com
_______________________________________________________________________

Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team
<security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)

iD8DBQFVFl05mqjQ0CJFipgRAniKAKC/MpUAj48M/7CzWXB4hv87uo99lwCg4Em4
9yRzhuJFw0DWd+dOc4antEU=
=SHMh
-----END PGP SIGNATURE-----


------------=_1427532686-3111-6
Content-Type: text/plain; charset="UTF-8";
name="message-footer.txt"
Content-Disposition: inline; filename="message-footer.txt"
Content-Transfer-Encoding: 8bit

To unsubscribe, send a email to sympa@mandrivalinux.org
with this subject : unsubscribe security-announce
_______________________________________________________
Want to buy your Pack or Services from Mandriva?
Go to http://store.mandriva.com
_______________________________________________________


------------=_1427532686-3111-6--
Pro-Linux
Traut euch!
Neue Nachrichten
Werbung