Tomcat was updated to fix security issues and bugs:
CVE-2013-1976: Avoid a potential symlink race during startup of the Tomcat server, where a local attacker who gained access to the tomcat chroot could escalate privileges to root.
CVE-2013-2067: java/org/apache/catalina/authenticator/FormAuthenticator.java in the form authentication feature in Apache Tomcat did not properly handle the relationships between authentication requirements and sessions, which allows remote attackers to inject a request into a session by sending this request during completion of the login form, a variant of a session fixation attack.
CVE-2012-3544: Tomcat was affected by a chunked transfer encoding extension size denial of service vulnerability.
- Submitted by Stefan Lijewski (lijews)