Overview Details Repositories Revisions Requests Users Attributes Meta
tomcat: security update

Tomcat was updated to fix security issues and bug:

CVE-2013-1976: Avoid a potential symlink race during
startup of the tomcat server, where a local attacker that gaine
access to the tomcat chroot could escalate privileges to root.

CVE-2013-2067: java/org/apache/catalina/authenticator/FormAuthenticator.java
in the form authentication feature in Apache Tomcat did not properly
handle the relationships between authentication requirements and sessions,
which allows remote attackers to inject a request into a session by
sending this request during completion of the login form, a variant of
a session fixation attack.

CVE-2012-3544: Tomcat were affected by a chunked transfer encoding
extension size denial of service vulnerability.

Also the following bug was fixed:
- Fix tomcat init scripts generating malformed classpath
(http://youtrack.jetbrains.com/issue/JT-18545)
bnc#804992

Fixed bugs
bnc#822177
VUL-1: CVE-2013-1976: tomcat: two issues
bnc#831117
VUL-0: CVE-2013-2071: tomcat7 Information disclosure
bnc#768772
Multiple bugs in tomcat init script
bnc#804992
tomcat: sanitize the CLASSPATH before start a service
bnc#831119
VUL-0: CVE-2012-3544: tomcat6 tomcat7: Denial of service via chunked transfer encoding
CVE-CVE-2013-1976
CVE-CVE-2012-3544
CVE-CVE-2013-2067
Selected Binaries
openSUSE Build Service is sponsored by
Places