Ubuntu Security Notice 976-1 - It was discovered that Tomcat incorrectly handled invalid Transfer-Encoding headers. A remote attacker could send specially crafted requests containing invalid headers to the server and cause a denial of service, or possibly obtain sensitive information from other requests.
c49a0ef250ba4b756e90aad4b96a7cf91f66b6d92e371674186a3b60746823f0
===========================================================
Ubuntu Security Notice USN-976-1 August 25, 2010
tomcat6 vulnerability
CVE-2010-2227
===========================================================
A security issue affects the following Ubuntu releases:
Ubuntu 9.04
Ubuntu 9.10
Ubuntu 10.04 LTS
This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.
The problem can be corrected by upgrading your system to the
following package versions:
Ubuntu 9.04:
libtomcat6-java 6.0.18-0ubuntu6.3
Ubuntu 9.10:
libtomcat6-java 6.0.20-2ubuntu2.2
Ubuntu 10.04 LTS:
libtomcat6-java 6.0.24-2ubuntu1.3
In general, a standard system update will make all the necessary changes.
Details follow:
It was discovered that Tomcat incorrectly handled invalid Transfer-Encoding
headers. A remote attacker could send specially crafted requests containing
invalid headers to the server and cause a denial of service, or possibly
obtain sensitive information from other requests.
Updated packages for Ubuntu 9.04:
Source archives:
http://security.ubuntu.com/ubuntu/pool/main/t/tomcat6/tomcat6_6.0.18-0ubuntu6.3.diff.gz
Size/MD5: 30050 75de0a1316bc34227060d042c20d8c38
http://security.ubuntu.com/ubuntu/pool/main/t/tomcat6/tomcat6_6.0.18-0ubuntu6.3.dsc
Size/MD5: 1412 188f1cfcc4b3b63975c0e2229c19d38c
http://security.ubuntu.com/ubuntu/pool/main/t/tomcat6/tomcat6_6.0.18.orig.tar.gz
Size/MD5: 3484249 9bdbb1c1d79302c80057a70b18fe6721
Architecture independent packages:
http://security.ubuntu.com/ubuntu/pool/main/t/tomcat6/libservlet2.5-java-doc_6.0.18-0ubuntu6.3_all.deb
Size/MD5: 246612 21e11f9c0a17be237dd9f97d584ff2ab
http://security.ubuntu.com/ubuntu/pool/main/t/tomcat6/libservlet2.5-java_6.0.18-0ubuntu6.3_all.deb
Size/MD5: 172804 392096566951baab934719b4639b45b8
http://security.ubuntu.com/ubuntu/pool/main/t/tomcat6/libtomcat6-java_6.0.18-0ubuntu6.3_all.deb
Size/MD5: 2847842 553828b2f158cf856bfe604bc9f4be45
http://security.ubuntu.com/ubuntu/pool/main/t/tomcat6/tomcat6-admin_6.0.18-0ubuntu6.3_all.deb
Size/MD5: 38210 c10afbf52194108e7bf89e16744934bc
http://security.ubuntu.com/ubuntu/pool/main/t/tomcat6/tomcat6-common_6.0.18-0ubuntu6.3_all.deb
Size/MD5: 53524 646532e66478de18e2a0a75fce6bd115
http://security.ubuntu.com/ubuntu/pool/main/t/tomcat6/tomcat6-docs_6.0.18-0ubuntu6.3_all.deb
Size/MD5: 714432 04c88fc0ab11de3f39e0f05ef3f47d3c
http://security.ubuntu.com/ubuntu/pool/main/t/tomcat6/tomcat6-examples_6.0.18-0ubuntu6.3_all.deb
Size/MD5: 418592 f7d35eea325ee1914cbc4988420993eb
http://security.ubuntu.com/ubuntu/pool/main/t/tomcat6/tomcat6-user_6.0.18-0ubuntu6.3_all.deb
Size/MD5: 20974 8cb24c726ce75010f98ba6ec2a516ea6
http://security.ubuntu.com/ubuntu/pool/main/t/tomcat6/tomcat6_6.0.18-0ubuntu6.3_all.deb
Size/MD5: 25352 92268953fafb1a5ef96f6d6e645ae12e
Updated packages for Ubuntu 9.10:
Source archives:
http://security.ubuntu.com/ubuntu/pool/main/t/tomcat6/tomcat6_6.0.20-2ubuntu2.2.diff.gz
Size/MD5: 25177 65aeb39da2704850e5b368a46980e8ee
http://security.ubuntu.com/ubuntu/pool/main/t/tomcat6/tomcat6_6.0.20-2ubuntu2.2.dsc
Size/MD5: 1564 7a27be3c6be1df01a80219a71b219696
http://security.ubuntu.com/ubuntu/pool/main/t/tomcat6/tomcat6_6.0.20.orig.tar.gz
Size/MD5: 3590562 44f49e7e14028b6a53c3c346bd18c72f
Architecture independent packages:
http://security.ubuntu.com/ubuntu/pool/main/t/tomcat6/libservlet2.5-java-doc_6.0.20-2ubuntu2.2_all.deb
Size/MD5: 247294 b4cbcd364cbcd04911e3b25cf198f07c
http://security.ubuntu.com/ubuntu/pool/main/t/tomcat6/libservlet2.5-java_6.0.20-2ubuntu2.2_all.deb
Size/MD5: 183096 06459b765e5a80932965d8799e14471f
http://security.ubuntu.com/ubuntu/pool/main/t/tomcat6/libtomcat6-java_6.0.20-2ubuntu2.2_all.deb
Size/MD5: 2914570 9c2bffea9539d14880558033dab95eac
http://security.ubuntu.com/ubuntu/pool/main/t/tomcat6/tomcat6-admin_6.0.20-2ubuntu2.2_all.deb
Size/MD5: 38912 67d391543e5074d3bf0b4950adea23f8
http://security.ubuntu.com/ubuntu/pool/main/t/tomcat6/tomcat6-common_6.0.20-2ubuntu2.2_all.deb
Size/MD5: 36678 dbb73216c89c46e7c431b56d0caaad9f
http://security.ubuntu.com/ubuntu/pool/main/t/tomcat6/tomcat6-docs_6.0.20-2ubuntu2.2_all.deb
Size/MD5: 480078 df083c520b559f4784b9e84716e9e545
http://security.ubuntu.com/ubuntu/pool/main/t/tomcat6/tomcat6-examples_6.0.20-2ubuntu2.2_all.deb
Size/MD5: 419192 54964deda126605ecedbbae6646aea19
http://security.ubuntu.com/ubuntu/pool/main/t/tomcat6/tomcat6-user_6.0.20-2ubuntu2.2_all.deb
Size/MD5: 21754 8ae9f3fadceacf93c7a0ec2c5822ba0c
http://security.ubuntu.com/ubuntu/pool/main/t/tomcat6/tomcat6_6.0.20-2ubuntu2.2_all.deb
Size/MD5: 26162 f764f22044eb2f804d034447f19aa713
Updated packages for Ubuntu 10.04:
Source archives:
http://security.ubuntu.com/ubuntu/pool/main/t/tomcat6/tomcat6_6.0.24-2ubuntu1.3.debian.tar.gz
Size/MD5: 30370 8879dfaf6fb4a02cc197e8621505bf70
http://security.ubuntu.com/ubuntu/pool/main/t/tomcat6/tomcat6_6.0.24-2ubuntu1.3.dsc
Size/MD5: 1765 6d8ad4bd7f434d2de0f39344165ae641
http://security.ubuntu.com/ubuntu/pool/main/t/tomcat6/tomcat6_6.0.24.orig.tar.gz
Size/MD5: 3262568 0bc48af723d6fee31e404434b3744f66
Architecture independent packages:
http://security.ubuntu.com/ubuntu/pool/main/t/tomcat6/libservlet2.5-java-doc_6.0.24-2ubuntu1.3_all.deb
Size/MD5: 247276 4ca0920c48ffcada8e6b98d965339a47
http://security.ubuntu.com/ubuntu/pool/main/t/tomcat6/libservlet2.5-java_6.0.24-2ubuntu1.3_all.deb
Size/MD5: 190556 3952ca5d4e4ae5e681fdd174b1dc5fe0
http://security.ubuntu.com/ubuntu/pool/main/t/tomcat6/libtomcat6-java_6.0.24-2ubuntu1.3_all.deb
Size/MD5: 3009122 eb0187bb5a32a873d2616610943ad303
http://security.ubuntu.com/ubuntu/pool/main/t/tomcat6/tomcat6-admin_6.0.24-2ubuntu1.3_all.deb
Size/MD5: 41218 270c8d45b9905165ba56c391bf25f40e
http://security.ubuntu.com/ubuntu/pool/main/t/tomcat6/tomcat6-common_6.0.24-2ubuntu1.3_all.deb
Size/MD5: 46196 705dc452b8cd7b96608899f3e7970652
http://security.ubuntu.com/ubuntu/pool/main/t/tomcat6/tomcat6-docs_6.0.24-2ubuntu1.3_all.deb
Size/MD5: 495340 c977cc0d891f650b97ff0bf34709e3a4
http://security.ubuntu.com/ubuntu/pool/main/t/tomcat6/tomcat6-examples_6.0.24-2ubuntu1.3_all.deb
Size/MD5: 158856 7a34a8b53ba251073485073e60394446
http://security.ubuntu.com/ubuntu/pool/main/t/tomcat6/tomcat6-user_6.0.24-2ubuntu1.3_all.deb
Size/MD5: 24958 758b3c4f2c04766acc63efce328c1eb7
http://security.ubuntu.com/ubuntu/pool/main/t/tomcat6/tomcat6_6.0.24-2ubuntu1.3_all.deb
Size/MD5: 30804 25ec7ef433e9fea6a32e8f54923129c2