calculate
/
gentoo-overlay
6
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from 'd9d1dc6fb6'
${ noResults }
gentoo-overlay/metadata/glsa/glsa-201705-09.xml

84 lines
3.5 KiB
Raw Normal View History Unescape

Sync with portage [Thu May 18 08:59:44 MSK 2017].
7 years ago
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
<glsa id="201705-09">
<title>Apache Tomcat: Multiple vulnerabilities</title>
<synopsis>Multiple vulnerabilities have been found in Apache Tomcat, the
worst of which could lead to privilege escalation.
</synopsis>
<product type="ebuild">tomcat</product>
<announced>2017-05-18</announced>
Sync with portage [Mon Jan 15 09:08:43 MSK 2018].
6 years ago
<revised count="1">2017-05-18</revised>
Sync with portage [Thu May 18 08:59:44 MSK 2017].
7 years ago
<bug>575796</bug>
<bug>586966</bug>
<bug>595978</bug>
<bug>615868</bug>
<access>local, remote</access>
<affected>
<package name="www-servers/tomcat" auto="yes" arch="*">
<unaffected range="ge">8.0.36</unaffected>
<unaffected range="ge">7.0.70</unaffected>
<vulnerable range="lt">8.0.36</vulnerable>
</package>
</affected>
<background>
<p>Apache Tomcat is a Servlet-3.0/JSP-2.2 Container.</p>
</background>
<description>
<p>Multiple vulnerabilities have been discovered in Tomcat. Please review
the CVE identifiers referenced below for details.
</p>
</description>
<impact type="high">
<p>A remote attacker may be able to cause a Denial of Service condition,
obtain sensitive information, bypass protection mechanisms and
authentication restrictions.
</p>
<p>A local attacker, who is a tomcats system user or belongs to
tomcats group, could potentially escalate privileges.
</p>
</impact>
<workaround>
<p>There is no known workaround at this time.</p>
</workaround>
<resolution>
<p>All Apache Tomcat users have to manually check their Tomcat runscripts
to make sure that they dont use an old, vulnerable runscript. In
addition:
</p>
<p>All Apache Tomcat 7 users should upgrade to the latest version:</p>
<code>
# emerge --sync
# emerge --ask --oneshot --verbose "&gt;=www-servers/tomcat-7.0.70:7"
</code>
<p>All Apache Tomcat 8 users should upgrade to the latest version:</p>
<code>
# emerge --sync
# emerge --ask --oneshot --verbose "&gt;=www-servers/tomcat-8.0.36:8"
</code>
</resolution>
<references>
Sync with portage [Fri Sep 29 08:47:31 MSK 2017].
7 years ago
<uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-5174">CVE-2015-5174</uri>
<uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-5345">CVE-2015-5345</uri>
<uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-5346">CVE-2015-5346</uri>
<uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-5351">CVE-2015-5351</uri>
<uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0706">CVE-2016-0706</uri>
<uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0714">CVE-2016-0714</uri>
<uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0763">CVE-2016-0763</uri>
<uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1240">CVE-2016-1240</uri>
<uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-3092">CVE-2016-3092</uri>
<uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-8745">CVE-2016-8745</uri>
<uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-5647">CVE-2017-5647</uri>
<uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-5648">CVE-2017-5648</uri>
<uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-5650">CVE-2017-5650</uri>
<uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-5651">CVE-2017-5651</uri>
Sync with portage [Thu May 18 08:59:44 MSK 2017].
7 years ago
</references>
<metadata tag="requester" timestamp="2017-04-19T05:58:37Z">BlueKnight</metadata>
<metadata tag="submitter" timestamp="2017-05-18T01:49:59Z">whissi</metadata>
</glsa>