Gentoo Linux Security Advisory 201412-29

Gentoo Linux Security Advisory 201412-29: Posted Dec 15, 2014; Authored by Gentoo | Site security.gentoo.org; Gentoo Linux Security Advisory 201412-29 - Multiple vulnerabilities have been found in Apache Tomcat, the worst of which may result in Denial of Service. Versions less than 7.0.56 are affected.; tags | advisory, denial of service, vulnerability; systems | linux, gentoo; advisories | CVE-2012-2733, CVE-2012-3544, CVE-2012-3546, CVE-2012-4431, CVE-2012-4534, CVE-2012-5885, CVE-2012-5886, CVE-2012-5887, CVE-2013-2067, CVE-2013-2071, CVE-2013-4286, CVE-2013-4322, CVE-2013-4590, CVE-2014-0033, CVE-2014-0050, CVE-2014-0075, CVE-2014-0096, CVE-2014-0099, CVE-2014-0119; SHA-256 | 812d31eb8958cb4cc614f89b209201bd059c54668a58d0182c6f4a98085d268e; Download | Favorite | View

Gentoo Linux Security Advisory 201412-29

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory                           GLSA 201412-29
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                                            https://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

 Severity: Normal
    Title: Apache Tomcat: Multiple vulnerabilities
     Date: December 15, 2014
     Bugs: #442014, #469434, #500600, #511762, #517630, #519590
       ID: 201412-29

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

Multiple vulnerabilities have been found in Apache Tomcat, the worst of
which may result in Denial of Service.

Background
==========

Apache Tomcat is a Servlet-3.0/JSP-2.2 Container.

Affected packages
=================

    -------------------------------------------------------------------
     Package              /     Vulnerable     /            Unaffected
    -------------------------------------------------------------------
  1  www-servers/tomcat           < 7.0.56                 *>= 6.0.41
                                                            >= 7.0.56

Description
===========

Multiple vulnerabilities have been discovered in Tomcat. Please review
the CVE identifiers referenced below for details.

Impact
======

A remote attacker may be able to cause a Denial of Service condition as
well as obtain sensitive information, bypass protection mechanisms and
authentication restrictions.

Workaround
==========

There is no known workaround at this time.

Resolution
==========

All Tomcat 6.0.x users should upgrade to the latest version:

  # emerge --sync
  # emerge --ask --oneshot --verbose ">=www-servers/tomcat-6.0.41"

All Tomcat 7.0.x users should upgrade to the latest version:

  # emerge --sync
  # emerge --ask --oneshot --verbose ">=www-servers/tomcat-7.0.56"

References
==========

[  1 ] CVE-2012-2733
       https://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2733
[  2 ] CVE-2012-3544
       https://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3544
[  3 ] CVE-2012-3546
       https://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3546
[  4 ] CVE-2012-4431
       https://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4431
[  5 ] CVE-2012-4534
       https://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4534
[  6 ] CVE-2012-5885
       https://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5885
[  7 ] CVE-2012-5886
       https://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5886
[  8 ] CVE-2012-5887
       https://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5887
[  9 ] CVE-2013-2067
       https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2067
[ 10 ] CVE-2013-2071
       https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2071
[ 11 ] CVE-2013-4286
       https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-4286
[ 12 ] CVE-2013-4322
       https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-4322
[ 13 ] CVE-2013-4590
       https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-4590
[ 14 ] CVE-2014-0033
       https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0033
[ 15 ] CVE-2014-0050
       https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0050
[ 16 ] CVE-2014-0075
       https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0075
[ 17 ] CVE-2014-0096
       https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0096
[ 18 ] CVE-2014-0099
       https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0099
[ 19 ] CVE-2014-0119
       https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0119

Availability
============

This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

 https://security.gentoo.org/glsa/glsa-201412-29.xml

Concerns?
=========

Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
security@gentoo.org or alternatively, you may file a bug at
https://bugs.gentoo.org.

License
=======

Copyright 2014 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).

The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.

https://creativecommons.org/licenses/by-sa/2.5

Top Authors In Last 30 Days

Red Hat 294 files
Ubuntu 64 files
Debian 24 files
Apple 14 files
LiquidWorm 12 files
Gentoo 8 files
Google Security Research 4 files
Andrey Stoykov 3 files
Jann Horn 3 files
Alter Prime 3 files

File Archives

Systems

AIX (430)
Apple (2,132)
BSD (378)
CentOS (61)
Cisco (1,954)
Debian (7,171)
Fedora (1,693)
FreeBSD (1,247)
Gentoo (4,607)
HPUX (881)
iOS (395)
iPhone (108)
IRIX (220)
Juniper (71)
Linux (52,070)
Mac OS X (696)
Mandriva (3,105)
NetBSD (256)
OpenBSD (490)
RedHat (17,426)
Slackware (941)
Solaris (1,615)
SUSE (1,444)
Ubuntu (10,010)
UNIX (9,482)
UnixWare (188)
Windows (6,785)
Other

Gentoo Linux Security Advisory 201412-29

Gentoo Linux Security Advisory 201412-29

File Archive:

November 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems

Gentoo Linux Security Advisory 201412-29

Share This

Gentoo Linux Security Advisory 201412-29

File Archive:

November 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems