=========================================================================== Ubuntu Security Notice USN-3204-1 February 20, 2017 tomcat6, tomcat7 vulnerability =========================================================================== A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 14.04 LTS - Ubuntu 12.04 LTS Summary: Tomcat could be made to consume resources if it received specially crafted network traffic. Software Description: - tomcat7: Servlet and JSP engine - tomcat6: Servlet and JSP engine Details: It was discovered that Tomcat incorrectly handled certain HTTP requests. A remote attacker could possibly use this issue to cause Tomcat to consume resources, resulting in a denial of service. Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 14.04 LTS: libtomcat7-java 7.0.52-1ubuntu0.10 tomcat7 7.0.52-1ubuntu0.10 Ubuntu 12.04 LTS: libtomcat6-java 6.0.35-1ubuntu3.11 tomcat6 6.0.35-1ubuntu3.11 In general, a standard system update will make all the necessary changes. References: http://www.ubuntu.com/usn/usn-3204-1 CVE-2017-6056 Package Information: https://launchpad.net/ubuntu/+source/tomcat7/7.0.52-1ubuntu0.10 https://launchpad.net/ubuntu/+source/tomcat6/6.0.35-1ubuntu3.11