tomcat8 8.0.37-1ubuntu0.1 source package in Ubuntu
Changelog
tomcat8 (8.0.37-1ubuntu0.1) yakkety-security; urgency=medium * SECURITY UPDATE: HTTP response injection via invalid characters - debian/patches/CVE-2016-6816.patch: add additional checks for valid characters in java/org/apache/coyote/http11/AbstractInputBuffer.java, java/org/apache/coyote/http11/AbstractNioInputBuffer.java, java/org/apache/coyote/http11/InternalAprInputBuffer.java, java/org/apache/coyote/http11/InternalInputBuffer.java, java/org/apache/coyote/http11/LocalStrings.properties, java/org/apache/tomcat/util/http/parser/HttpParser.java. - CVE-2016-6816 * SECURITY UPDATE: remote code execution via JmxRemoteLifecycleListener - debian/patches/CVE-2016-8735.patch: explicitly configure allowed credential types in java/org/apache/catalina/mbeans/JmxRemoteLifecycleListener.java. - CVE-2016-8735 * SECURITY UPDATE: information leakage between requests - debian/patches/CVE-2016-8745.patch: properly handle cache when unable to complete sendfile request in java/org/apache/tomcat/util/net/NioEndpoint.java. - CVE-2016-8745 * SECURITY UPDATE: privilege escalation during package upgrade - debian/rules, debian/tomcat8.postinst: properly set permissions on /etc/tomcat8/Catalina/localhost. - CVE-2016-9774 * SECURITY UPDATE: privilege escalation during package removal - debian/tomcat8.postrm.in: don't reset permissions before removing user. - CVE-2016-9775 * debian/tomcat8.init: further hardening. -- Marc Deslauriers <email address hidden> Fri, 13 Jan 2017 10:48:08 -0500
Upload details
- Uploaded by:
- Marc Deslauriers
- Uploaded to:
- Yakkety
- Original maintainer:
- Ubuntu Developers
- Architectures:
- all
- Section:
- java
- Urgency:
- Medium Urgency
See full publishing history Publishing
Series | Published | Component | Section |
---|
Downloads
File | Size | SHA-256 Checksum |
---|---|---|
tomcat8_8.0.37.orig.tar.xz | 3.3 MiB | 1ae2c181e1be0e2309712ab597ff0466870bbecd19d5031e60ce63f9d726a55c |
tomcat8_8.0.37-1ubuntu0.1.debian.tar.xz | 41.6 KiB | 3f0b9cb5de3da1639ef5aa3dfc39a9a620ef591707164646d3462baf2f132457 |
tomcat8_8.0.37-1ubuntu0.1.dsc | 2.9 KiB | 1d320fdb959cf4a7397c3e8e587f040d48f24523d36ca4396d552d6653645eae |
Available diffs
Binary packages built by this source
- libservlet3.1-java: No summary available for libservlet3.1-java in ubuntu yakkety.
No description available for libservlet3.1-java in ubuntu yakkety.
- libservlet3.1-java-doc: No summary available for libservlet3.1-java-doc in ubuntu yakkety.
No description available for libservlet3.
1-java- doc in ubuntu yakkety.
- libtomcat8-java: No summary available for libtomcat8-java in ubuntu yakkety.
No description available for libtomcat8-java in ubuntu yakkety.
- tomcat8: No summary available for tomcat8 in ubuntu yakkety.
No description available for tomcat8 in ubuntu yakkety.
- tomcat8-admin: No summary available for tomcat8-admin in ubuntu yakkety.
No description available for tomcat8-admin in ubuntu yakkety.
- tomcat8-common: No summary available for tomcat8-common in ubuntu yakkety.
No description available for tomcat8-common in ubuntu yakkety.
- tomcat8-docs: No summary available for tomcat8-docs in ubuntu yakkety.
No description available for tomcat8-docs in ubuntu yakkety.
- tomcat8-examples: No summary available for tomcat8-examples in ubuntu yakkety.
No description available for tomcat8-examples in ubuntu yakkety.
- tomcat8-user: No summary available for tomcat8-user in ubuntu yakkety.
No description available for tomcat8-user in ubuntu yakkety.