Overview

File _patchinfo of Package patchinfo.1181

<patchinfo>
  <issue id="791679" tracker="bnc">CVE-2012-5568: tomcat: affected by slowloris DoS</issue>
  <issue id="789406" tracker="bnc">CVE-2012-2733: tomcat: HTTP NIO connector OOM DoS via a request with large headers</issue>
  <issue id="793394" tracker="bnc">CVE-2012-3546: tomcat: Bypass of security constraints</issue>
  <issue id="793391" tracker="bnc">CVE-2012-4431: tomcat: bypass of CSRF prevention filter</issue>
  <issue id="791426" tracker="bnc">CVE-2012-5887: tomcat: stale nonce weakness</issue>
  <issue id="791424" tracker="bnc">CVE-2012-5886: tomcat: authentication caching weakness</issue>
  <issue id="791423" tracker="bnc">CVE-2012-5885: tomcat: cnonce tracking weakness</issue>
  <issue id="CVE-2012-3546" tracker="cve" />
  <issue id="CVE-2009-2902" tracker="cve" />
  <issue id="CVE-2012-4431" tracker="cve" />
  <issue id="CVE-2012-2733" tracker="cve" />
  <issue id="CVE-2009-2693" tracker="cve" />
  <issue id="CVE-2012-5885" tracker="cve" />
  <issue id="CVE-2009-2901" tracker="cve" />
  <issue id="CVE-2012-5887" tracker="cve" />
  <issue id="CVE-2012-5886" tracker="cve" />
  <issue id="CVE-2012-5568" tracker="cve" />
  <category>security</category>
  <rating>moderate</rating>
  <packager>mvyskocil</packager>
  <description>
- fix bnc#793394 - bypass of security constraints (CVE-2012-3546)
  * apache-tomcat-CVE-2012-3546.patch
  http://svn.apache.org/viewvc?view=revision&amp;revision=1381035
- fix bnc#793391 - bypass of CSRF prevention filter (CVE-2012-4431)
  * apache-tomcat-CVE-2012-4431.patch
  http://svn.apache.org/viewvc?view=revision&amp;revision=1394456

- document how to protect against slowloris DoS (CVE-2012-5568/bnc#791679)
  in README.SUSE

- fixes
  bnc#791423 - cnonce tracking weakness (CVE-2012-5885)
  bnc#791424 - authentication caching weakness (CVE-2012-5886)
  bnc#791426 - stale nonce weakness (CVE-2012-5887)
  * apache-tomcat-CVE-2009-2693-CVE-2009-2901-CVE-2009-2902.patch
  http://svn.apache.org/viewvc?view=revision&amp;revision=1380829

- fix bnc#789406 - HTTP NIO connector OOM DoS via a request with
  large headers (CVE-2012-2733)
  * http://svn.apache.org/viewvc?view=revision&amp;revision=1356208

</description>
  <summary>update for tomcat6</summary>
</patchinfo>
openSUSE Build Service is sponsored by
Places