Tomcat needs update to prevent hash function DoS attack
Affects | Status | Importance | Assigned to | Milestone
---|---|---|---|---
tomcat6 (Ubuntu) | Fix Released | Undecided | Unassigned |
Lucid | Fix Released | Medium | Unassigned |
Maverick | Fix Released | Medium | Unassigned |
Natty | Fix Released | Medium | Unassigned |
Oneiric | Fix Released | Medium | Unassigned |
Precise | Fix Released | Undecided | Unassigned |
Bug Description
http://
Natty, Oneiric and any other still supported Ubuntu versions should upgrade to Tomcat version 6.0.35, to protect against the rather nasty attack described in the above security advisory.
Tomcat7 should be upgraded to 7.0.23.
ProblemType: Bug
DistroRelease: Ubuntu 11.10
Package: tomcat6 (not installed)
ProcVersionSign
Uname: Linux 3.0.0-14-generic x86_64
NonfreeKernelMo
ApportVersion: 1.23-0ubuntu4
Architecture: amd64
Date: Thu Dec 29 20:20:29 2011
InstallationMedia: Ubuntu 11.10 "Oneiric Ocelot" - Release amd64 (20111012)
ProcEnviron:
PATH=(custom, no user)
LANG=en_US.UTF-8
SHELL=/bin/bash
SourcePackage: tomcat6
UpgradeStatus: No upgrade log present (probably fresh install)
visibility: private → public
Changed in tomcat6 (Ubuntu Precise):
status: New → Fix Released
Changed in tomcat6 (Ubuntu Lucid):
status: New → Confirmed
Changed in tomcat6 (Ubuntu Maverick):
status: New → Confirmed
Changed in tomcat6 (Ubuntu Natty):
status: New → Confirmed
Changed in tomcat6 (Ubuntu Oneiric):
status: New → Confirmed
Changed in tomcat6 (Ubuntu Lucid):
importance: Undecided → Medium
Changed in tomcat6 (Ubuntu Maverick):
importance: Undecided → Medium
Changed in tomcat6 (Ubuntu Natty):
importance: Undecided → Medium
Changed in tomcat6 (Ubuntu Oneiric):
importance: Undecided → Medium
There are now updated tomcat6 packages that fix this issue, and CVE-2012-0022 in -proposed. Since the patch is quite intrusive, they will stay in -proposed until they get some testing.
If you would like to help, please enable -proposed, test the updates, and post your results here.
Thanks.