tomcat8 8.0.38-2ubuntu1 source package in Ubuntu
Changelog
tomcat8 (8.0.38-2ubuntu1) zesty; urgency=medium
* SECURITY UPDATE: HTTP response injection via invalid characters
- debian/patches/CVE-2016-6816.patch: add additional checks for valid
characters in java/org/apache/coyote/http11/AbstractInputBuffer.java,
java/org/apache/coyote/http11/AbstractNioInputBuffer.java,
java/org/apache/coyote/http11/InternalAprInputBuffer.java,
java/org/apache/coyote/http11/InternalInputBuffer.java,
java/org/apache/coyote/http11/LocalStrings.properties,
java/org/apache/tomcat/util/http/parser/HttpParser.java.
- CVE-2016-6816
* SECURITY UPDATE: remote code execution via JmxRemoteLifecycleListener
- debian/patches/CVE-2016-8735.patch: explicitly configure allowed
credential types in
java/org/apache/catalina/mbeans/JmxRemoteLifecycleListener.java.
- CVE-2016-8735
* SECURITY UPDATE: information leakage between requests
- debian/patches/CVE-2016-8745.patch: properly handle cache when unable
to complete sendfile request in
java/org/apache/tomcat/util/net/NioEndpoint.java.
- CVE-2016-8745
* SECURITY UPDATE: privilege escalation during package upgrade
- debian/rules, debian/tomcat8.postinst: properly set permissions on
/etc/tomcat8/Catalina/localhost.
- CVE-2016-9774
* SECURITY UPDATE: privilege escalation during package removal
- debian/tomcat8.postrm.in: don't reset permissions before removing
user.
- CVE-2016-9775
-- Marc Deslauriers <email address hidden> Wed, 15 Feb 2017 08:38:11 -0500
Upload details
- Uploaded by:
- Marc Deslauriers
- Uploaded to:
- Zesty
- Original maintainer:
- Ubuntu Developers
- Architectures:
- all
- Section:
- misc
- Urgency:
- Medium Urgency
See full publishing history Publishing
| Series | Published | Component | Section |
|---|
Downloads
| File | Size | SHA-256 Checksum |
|---|---|---|
| tomcat8_8.0.38.orig.tar.xz | 3.3 MiB | 1c5338c19fd15bc40ae5646a83525ce01b5dac5741f953bc4bb344b0fc4b64a6 |
| tomcat8_8.0.38-2ubuntu1.debian.tar.xz | 42.0 KiB | f314e152bc4173e84afd20199076d6a078e15e15d82f884dc2a52f84b1ead399 |
| tomcat8_8.0.38-2ubuntu1.dsc | 2.9 KiB | 21c433bfdcb79c1591df27c6409c3aa68e547761746a32eae9aee15c433fd257 |
Available diffs
Binary packages built by this source
- libservlet3.1-java: No summary available for libservlet3.1-java in ubuntu zesty.
No description available for libservlet3.1-java in ubuntu zesty.
- libservlet3.1-java-doc: No summary available for libservlet3.1-java-doc in ubuntu zesty.
No description available for libservlet3.
1-java- doc in ubuntu zesty.
- libtomcat8-embed-java: No summary available for libtomcat8-embed-java in ubuntu zesty.
No description available for libtomcat8-
embed-java in ubuntu zesty.
- libtomcat8-java: No summary available for libtomcat8-java in ubuntu zesty.
No description available for libtomcat8-java in ubuntu zesty.
- tomcat8: No summary available for tomcat8 in ubuntu zesty.
No description available for tomcat8 in ubuntu zesty.
- tomcat8-admin: No summary available for tomcat8-admin in ubuntu zesty.
No description available for tomcat8-admin in ubuntu zesty.
- tomcat8-common: No summary available for tomcat8-common in ubuntu zesty.
No description available for tomcat8-common in ubuntu zesty.
- tomcat8-docs: No summary available for tomcat8-docs in ubuntu zesty.
No description available for tomcat8-docs in ubuntu zesty.
- tomcat8-examples: No summary available for tomcat8-examples in ubuntu zesty.
No description available for tomcat8-examples in ubuntu zesty.
- tomcat8-user: No summary available for tomcat8-user in ubuntu zesty.
No description available for tomcat8-user in ubuntu zesty.
