drucken bookmarks versenden konfigurieren admin pdf Sicherheit: Ausführen von Code mit höheren Privilegien in tomcat8
Name: |
Ausführen von Code mit höheren Privilegien in tomcat8 |
|
ID: |
DSA-3428-1 |
|
Distribution: |
Debian |
|
Plattformen: |
Debian sid, Debian jessie, Debian stretch |
|
Datum: |
Sa, 19. Dezember 2015, 02:07 |
|
Referenzen: |
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7810 |
|
Applikationen: |
Apache Tomcat |
|
Originalnachricht |
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
- ------------------------------------------------------------------------- Debian Security Advisory DSA-3428-1 security@debian.org https://www.debian.org/security/ Moritz Muehlenhoff December 18, 2015 https://www.debian.org/security/faq - -------------------------------------------------------------------------
Package : tomcat8 CVE ID : CVE-2014-7810
It was discovered that malicious web applications could use the Expression Language to bypass protections of a Security Manager as expressions were evaluated within a privileged code section. For the stable distribution (jessie), this problem has been fixed in version 8.0.14-1+deb8u1.
For the testing distribution (stretch), this problem has been fixed in version 8.0.21-2.
For the unstable distribution (sid), this problem has been fixed in version 8.0.21-2.
We recommend that you upgrade your tomcat8 packages.
Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/
Mailing list: debian-security-announce@lists.debian.org -----BEGIN PGP SIGNATURE----- Version: GnuPG v1
iQIcBAEBAgAGBQJWdHblAAoJEBDCk7bDfE42uk0P/1ru4eTUHe7EYR3Bw/P/YoX2 G3jaGfxPiyS4t5sXWFmlJsz6ggCxWtjIjsAVVzDGZirrhlnw/9iwpISUGRm3iuPk MlKeFp+tRFzMxO4f4Rh+IgIWPP9Bbktq25vfgv7urujMMQYUz05iiO8PwXHnfeG4 tepkelVayBXKmbVFlGTwNQr1Byhm+/t72JjbvziF12ghHEdh4QzmkrSjOPOuxGs9 FXlkK8x5Tq+Y1fmwSDq1vEtWdW97nJ1TdhjPRoA5LbQddnU0dfWstxdT+sGu7ZMc redjYg431xKhNZ7m+wYpTuvyFkuSsWDZ8vWIznBAurhLn8zwdAuE6dhIjFFsU5KV uYEN1e1wzAFZxCMRu0q8HAMhLVy3eJLvKbcswiv9sCy/HxE3TkETZyrKqOrccs0S uO51Gq06zEUjFTOnVmu7M0Zx2yYDY10Ow/CiJFQrqTZ2TtXklFwfcxFyZpuHzH/4 xQeRlMXebVb6A67rKMnwPV8qW0iog0lM3VNBgYCuqlDgdBRw/conuCnqR4brRlLy 53crISZqUS4xsyVelSlq03yhewPqEw79meVlpKBWhAF65xM2CoWspmzXe16UbI8S SSy8KcOTX4lHQ8Ry0ftZdTNlMwwhseXZFDzU8gPJHFQecmYsXJp4CyQbh0Y4LIMR aN7VDUk2ShOfmrkJc5v3 =U1f0 -----END PGP SIGNATURE-----
|
|
|
|