Bugtraq: [SECURITY] [DSA 3788-2] tomcat8 regression update

—–BEGIN PGP SIGNED MESSAGE—–

Hash: SHA512

– ————————————————————————

Debian Security Advisory DSA-3788-2 security (at) debian (dot) org [email concealed]

https://www.debian.org/security/ Salvatore Bonaccorso

February 22, 2017 https://www.debian.org/security/faq

– ————————————————————————

Package : tomcat8

The update for tomcat8 issued as DSA-3788-1 caused that the server could

return HTTP 400 errors under certain circumstances. Updated packages are

now available to correct this issue. For reference, the original

advisory text follows.

It was discovered that a programming error in the processing of HTTPS

requests in the Apache Tomcat servlet and JSP engine may result in

denial of service via an infinite loop.

For the stable distribution (jessie), this problem has been fixed in

version 8.0.14-1+deb8u8.

We recommend that you upgrade your tomcat8 packages.

Further information about Debian Security Advisories, how to apply

these updates to your system and frequently asked questions can be

found at: https://www.debian.org/security/

Mailing list: debian-security-announce (at) lists.debian (dot) org [email concealed]

—–BEGIN PGP SIGNATURE—–

iQKTBAEBCgB9FiEERkRAmAjBceBVMd3uBUy48xNDz0QFAlituMpfFIAAAAAALgAo

aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDQ2

NDQ0MDk4MDhDMTcxRTA1NTMxRERFRTA1NENCOEYzMTM0M0NGNDQACgkQBUy48xND

z0TR/Q/9GYULVLaN17mQJPJsXN0AVMwPY9uVPuipWIILxEorzRh4+ikHt7RXSxXJ

1rdrX8KsAcrkPRe4GwxRJT3T4h3COu4LluAnuauw1wp7D6ANPm3A+v+6YJxSPMQD

sMNj7olu+jVIols0lLmWoNWQgAxEJ4OFxrny4KNP1MDbrlf5UjYA1frIK0JcXdxt

t+fR5imTfbqHAhuESyLm7YmIzCsLlCroFWaeuauZTQqM6p4+LzCpGRYA3BoU6X4S

SnZ14o6S/E5JFEn9qVZQ5usS0VHFZRFRtq5txuzaKM6u1NyswPFwE5LrO26IyIa2

kCRg6pJ+cwe/jrlBSJ67UPRXZNljMB6hvZD14FqcFdb+QifVDlKrQHOKxKi7SYSV

Lksi5QuUa9bzHgYAok7PdcXoKqKbrJP1U8dj8bvDIVxBqxaX7H2aGjlu357ESVSs

DVab7ETfCtsLy1/P66hFMVjoWWZPswAwNUr0XK8J9zCd6ARUEARZ4XrlXuk0A8vN

5Z5ubeWPx0mmAqA4VO9YNELkboWAgZheI9JE9BfepBPRwggCarFn51COcQrMl8Z7

e9XTZblwbadiUj0NCZgWdklWU3BVgiUJpFY1exp1tgAid4jp6rWVcDq3/DVwaUKV

nepkUYnVxEtsLSHH+P90I8JdwM+GFxX1F+K5YaaCIQfJCNxhu4g=

=S0Vn

—–END PGP SIGNATURE—–

[ reply ]

Source: SecurityFocus Vulnerabilities @ February 22, 2017 at 01:04PM

0
Share