Tomcat9 package is old version with many security issues
Affects | Status | Importance | Assigned to | Milestone |
---|---|---|---|---|
tomcat9 (Ubuntu) | Fix Released | Undecided | Paulo Flabiano Smorigo | |
Bug Description
Tomcat9 package is based on 9.0.16 on bionic and 9.0.31 on focal.
Several "Important" security vulnerabilities have been found since those versions:
https:/
```
Important
A vulnerability rated as Important impact is one which could result in the compromise of data or availability of the server. For Tomcat this includes issues that allow an easy remote denial of service (something that is out of proportion to the attack or with a lasting consequence), access to arbitrary files outside of the context root, or access to files that should be otherwise prevented by limits or authentication.
```
These packages should be updated to use at least Tomcat 9.0.40. Can you please provide the update?
Thanks!
Changed in tomcat9 (Ubuntu):
assignee: nobody → Paulo Flabiano Smorigo (pfsmorigo)
Thanks for taking the time to report this bug and helping to make Ubuntu better. Since the package referred to in this bug is in universe or multiverse, it is community maintained. If you are able, I suggest coordinating with upstream and posting a debdiff for this issue. When a debdiff is available, members of the security team will review it and publish the package. See the following link for more information: https://wiki.ubuntu.com/SecurityTeam/UpdateProcedures