<<< Date Index >>>     <<< Thread Index >>>

[ MDVSA-2009:018 ] tomcat5



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

 _______________________________________________________________________

 Mandriva Linux Security Advisory                         MDVSA-2009:018
 http://www.mandriva.com/security/
 _______________________________________________________________________

 Package : tomcat5
 Date    : January 16, 2009
 Affected: 2008.1
 _______________________________________________________________________

 Problem Description:

 Apache Tomcat does not properly handle certain characters in a cookie
 value, which could possibly lead to the leak of sensitive information
 such as session IDs (CVE-2007-5333).
 
 The updated packages have been patched to prevent this issue.
 _______________________________________________________________________

 References:

 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5333
 _______________________________________________________________________

 Updated Packages:

 Mandriva Linux 2008.1:
 990a9d6ffae7be5841f9a9073be4d0af  
2008.1/i586/tomcat5-5.5.25-1.2.1.2mdv2008.1.i586.rpm
 223876925f17ef248c6ff17d4accb563  
2008.1/i586/tomcat5-admin-webapps-5.5.25-1.2.1.2mdv2008.1.i586.rpm
 7436c767a849437fd50b7e79d1666097  
2008.1/i586/tomcat5-common-lib-5.5.25-1.2.1.2mdv2008.1.i586.rpm
 7cd33808c56ceb9ddeab3d319a372114  
2008.1/i586/tomcat5-jasper-5.5.25-1.2.1.2mdv2008.1.i586.rpm
 2e7f6a381670859429d071857f090fbe  
2008.1/i586/tomcat5-jasper-eclipse-5.5.25-1.2.1.2mdv2008.1.i586.rpm
 3cc0b00b623ddaf17f139a21f10db64d  
2008.1/i586/tomcat5-jasper-javadoc-5.5.25-1.2.1.2mdv2008.1.i586.rpm
 e872e87d9b621ba00bf08ce6ffd97834  
2008.1/i586/tomcat5-jsp-2.0-api-5.5.25-1.2.1.2mdv2008.1.i586.rpm
 bf4dee3baeb2250edb0bcd6cd0f9d230  
2008.1/i586/tomcat5-jsp-2.0-api-javadoc-5.5.25-1.2.1.2mdv2008.1.i586.rpm
 3355b29e70c1c9bcebcd682b65223d5f  
2008.1/i586/tomcat5-server-lib-5.5.25-1.2.1.2mdv2008.1.i586.rpm
 b80984a00d8d52d56fe2a151254bb131  
2008.1/i586/tomcat5-servlet-2.4-api-5.5.25-1.2.1.2mdv2008.1.i586.rpm
 2dfd81094518a497ede031ee151ef970  
2008.1/i586/tomcat5-servlet-2.4-api-javadoc-5.5.25-1.2.1.2mdv2008.1.i586.rpm
 8c44749cd7df3d596fd5873a4cd34666  
2008.1/i586/tomcat5-webapps-5.5.25-1.2.1.2mdv2008.1.i586.rpm 
 0f53b8347922bd4df159fb7fe7685c4d  
2008.1/SRPMS/tomcat5-5.5.25-1.2.1.2mdv2008.1.src.rpm

 Mandriva Linux 2008.1/X86_64:
 487e4d61d35d204ed3a6434153a41770  
2008.1/x86_64/tomcat5-5.5.25-1.2.1.2mdv2008.1.x86_64.rpm
 cc1781c4ae7c9dac71866572fe48b771  
2008.1/x86_64/tomcat5-admin-webapps-5.5.25-1.2.1.2mdv2008.1.x86_64.rpm
 b9835f802b0827a34fc99e4e959074b5  
2008.1/x86_64/tomcat5-common-lib-5.5.25-1.2.1.2mdv2008.1.x86_64.rpm
 77d7e197b3ababc702bddf17d9442c45  
2008.1/x86_64/tomcat5-jasper-5.5.25-1.2.1.2mdv2008.1.x86_64.rpm
 6cc1549ac8610acb83678eb2323b7525  
2008.1/x86_64/tomcat5-jasper-eclipse-5.5.25-1.2.1.2mdv2008.1.x86_64.rpm
 082baa5fdbb552b7c519008cabeaf514  
2008.1/x86_64/tomcat5-jasper-javadoc-5.5.25-1.2.1.2mdv2008.1.x86_64.rpm
 4637956ec02229c867448f3e5b026368  
2008.1/x86_64/tomcat5-jsp-2.0-api-5.5.25-1.2.1.2mdv2008.1.x86_64.rpm
 0a6062f4039d2f76ae89911bb2ab5ac6  
2008.1/x86_64/tomcat5-jsp-2.0-api-javadoc-5.5.25-1.2.1.2mdv2008.1.x86_64.rpm
 e70ddb331223b12255ea321b2c12de5b  
2008.1/x86_64/tomcat5-server-lib-5.5.25-1.2.1.2mdv2008.1.x86_64.rpm
 d839046008950ac06d63b9b5389a2e36  
2008.1/x86_64/tomcat5-servlet-2.4-api-5.5.25-1.2.1.2mdv2008.1.x86_64.rpm
 56cc4c6e421e81091e103d2d02bcdbc5  
2008.1/x86_64/tomcat5-servlet-2.4-api-javadoc-5.5.25-1.2.1.2mdv2008.1.x86_64.rpm
 6a18fb4936f918294641fa63538aba13  
2008.1/x86_64/tomcat5-webapps-5.5.25-1.2.1.2mdv2008.1.x86_64.rpm 
 0f53b8347922bd4df159fb7fe7685c4d  
2008.1/SRPMS/tomcat5-5.5.25-1.2.1.2mdv2008.1.src.rpm
 _______________________________________________________________________

 To upgrade automatically use MandrivaUpdate or urpmi.  The verification
 of md5 checksums and GPG signatures is performed automatically for you.

 All packages are signed by Mandriva for security.  You can obtain the
 GPG public key of the Mandriva Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

 You can view other update advisories for Mandriva Linux at:

  http://www.mandriva.com/security/advisories

 If you want to report vulnerabilities, please contact

  security_(at)_mandriva.com
 _______________________________________________________________________

 Type Bits/KeyID     Date       User ID
 pub  1024D/22458A98 2000-07-10 Mandriva Security Team
  <security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)

iD8DBQFJcVTHmqjQ0CJFipgRAknjAKCSGgcsqoNNTVfD86Nv6UiCWNCXbQCgtDhf
47C6LJ/xIxXv1SoqzvX9ghM=
=17kr
-----END PGP SIGNATURE-----