-------------------------------------------------------------------------
Debian Security Advisory DSA-3609-1                   security@debian.org
https://www.debian.org/security/                       Moritz Muehlenhoff
June 29, 2016                         https://www.debian.org/security/faq
-------------------------------------------------------------------------

Package        : tomcat8
CVE ID         : CVE-2015-5174 CVE-2015-5345 CVE-2015-5346 CVE-2015-5351
                 CVE-2016-0706 CVE-2016-0714 CVE-2016-0763 CVE-2016-3092

Multiple security vulnerabilities have been discovered in the Tomcat
servlet and JSP engine, which may result in information disclosure, the
bypass of CSRF protections, bypass of the SecurityManager or denial of
service.

For the stable distribution (jessie), these problems have been fixed in
version 8.0.14-1+deb8u2.

For the unstable distribution (sid), these problems have been fixed in
version 8.0.36-1.

We recommend that you upgrade your tomcat8 packages.

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org