-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Important: tomcat6 security update
Advisory ID:       RHSA-2017:3080-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://access.redhat.com/errata/RHSA-2017:3080
Issue date:        2017-10-29
CVE Names:         CVE-2017-12615 CVE-2017-12617 CVE-2017-5647
                   CVE-2017-5664
=====================================================================

1. Summary:

An update for tomcat6 is now available for Red Hat Enterprise Linux 6.

Red Hat Product Security has rated this update as having a security impact
of Important. A Common Vulnerability Scoring System (CVSS) base score, which
gives a detailed severity rating, is available for each vulnerability from
the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Desktop Optional (v. 6) - noarch
Red Hat Enterprise Linux HPC Node Optional (v. 6) - noarch
Red Hat Enterprise Linux Server (v. 6) - noarch
Red Hat Enterprise Linux Server Optional (v. 6) - noarch
Red Hat Enterprise Linux Workstation (v. 6) - noarch
Red Hat Enterprise Linux Workstation Optional (v. 6) - noarch

3. Description:

Apache Tomcat is a servlet container for the Java Servlet and JavaServer
Pages (JSP) technologies.

Security Fix(es):

* A vulnerability was discovered in Tomcat's handling of pipelined requests
when "Sendfile" was used. If sendfile processing completed quickly, it was
possible for the Processor to be added to the processor cache twice. This
could lead to invalid responses or information disclosure. (CVE-2017-5647)

* A vulnerability was discovered in the error page mechanism in Tomcat's
DefaultServlet implementation. A crafted HTTP request could cause undesired
side effects, possibly including the removal or replacement of the custom
error page. (CVE-2017-5664)

* Two vulnerabilities were discovered in Tomcat where if a servlet context
was configured with readonly=false and HTTP PUT requests were allowed, an
attacker could upload a JSP file to that context and achieve code execution.
(CVE-2017-12615, CVE-2017-12617)

4. Solution:

For details on how to apply this update, which includes the changes
described in this advisory, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

1441205 - CVE-2017-5647 tomcat: Incorrect handling of pipelined requests when send file was used
1459158 - CVE-2017-5664 tomcat: Security constrained bypass in error page mechanism
1461851 - The tomcat6 build is incompatible with the ECJ update
1493220 - CVE-2017-12615 tomcat: Remote Code Execution via JSP Upload
1494283 - CVE-2017-12617 tomcat: Remote Code Execution bypass for CVE-2017-12615

6. Package List:

Red Hat Enterprise Linux Desktop Optional (v. 6):

Source:
tomcat6-6.0.24-111.el6_9.src.rpm

noarch:
tomcat6-6.0.24-111.el6_9.noarch.rpm
tomcat6-admin-webapps-6.0.24-111.el6_9.noarch.rpm
tomcat6-docs-webapp-6.0.24-111.el6_9.noarch.rpm
tomcat6-el-2.1-api-6.0.24-111.el6_9.noarch.rpm
tomcat6-javadoc-6.0.24-111.el6_9.noarch.rpm
tomcat6-jsp-2.1-api-6.0.24-111.el6_9.noarch.rpm
tomcat6-lib-6.0.24-111.el6_9.noarch.rpm
tomcat6-servlet-2.5-api-6.0.24-111.el6_9.noarch.rpm
tomcat6-webapps-6.0.24-111.el6_9.noarch.rpm

Red Hat Enterprise Linux HPC Node Optional (v. 6):

Source:
tomcat6-6.0.24-111.el6_9.src.rpm

noarch:
tomcat6-6.0.24-111.el6_9.noarch.rpm
tomcat6-admin-webapps-6.0.24-111.el6_9.noarch.rpm
tomcat6-docs-webapp-6.0.24-111.el6_9.noarch.rpm
tomcat6-el-2.1-api-6.0.24-111.el6_9.noarch.rpm
tomcat6-javadoc-6.0.24-111.el6_9.noarch.rpm
tomcat6-jsp-2.1-api-6.0.24-111.el6_9.noarch.rpm
tomcat6-lib-6.0.24-111.el6_9.noarch.rpm
tomcat6-servlet-2.5-api-6.0.24-111.el6_9.noarch.rpm
tomcat6-webapps-6.0.24-111.el6_9.noarch.rpm

Red Hat Enterprise Linux Server (v. 6):

Source:
tomcat6-6.0.24-111.el6_9.src.rpm

noarch:
tomcat6-6.0.24-111.el6_9.noarch.rpm
tomcat6-el-2.1-api-6.0.24-111.el6_9.noarch.rpm
tomcat6-jsp-2.1-api-6.0.24-111.el6_9.noarch.rpm
tomcat6-lib-6.0.24-111.el6_9.noarch.rpm
tomcat6-servlet-2.5-api-6.0.24-111.el6_9.noarch.rpm

Red Hat Enterprise Linux Server Optional (v. 6):

noarch:
tomcat6-admin-webapps-6.0.24-111.el6_9.noarch.rpm
tomcat6-docs-webapp-6.0.24-111.el6_9.noarch.rpm
tomcat6-javadoc-6.0.24-111.el6_9.noarch.rpm
tomcat6-webapps-6.0.24-111.el6_9.noarch.rpm

Red Hat Enterprise Linux Workstation (v. 6):

Source:
tomcat6-6.0.24-111.el6_9.src.rpm

noarch:
tomcat6-6.0.24-111.el6_9.noarch.rpm
tomcat6-el-2.1-api-6.0.24-111.el6_9.noarch.rpm
tomcat6-jsp-2.1-api-6.0.24-111.el6_9.noarch.rpm
tomcat6-lib-6.0.24-111.el6_9.noarch.rpm
tomcat6-servlet-2.5-api-6.0.24-111.el6_9.noarch.rpm

Red Hat Enterprise Linux Workstation Optional (v. 6):

noarch:
tomcat6-admin-webapps-6.0.24-111.el6_9.noarch.rpm
tomcat6-docs-webapp-6.0.24-111.el6_9.noarch.rpm
tomcat6-javadoc-6.0.24-111.el6_9.noarch.rpm
tomcat6-webapps-6.0.24-111.el6_9.noarch.rpm

These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2017-12615
https://access.redhat.com/security/cve/CVE-2017-12617
https://access.redhat.com/security/cve/CVE-2017-5647
https://access.redhat.com/security/cve/CVE-2017-5664
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is . More contact details at
https://access.redhat.com/security/team/contact/

Copyright 2017 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iD8DBQFZ9m/mXlSAg2UNWIIRAovAAJ9CpiywXfHnA8IoloN3X8uAiQdctACgrmUU
LQvJ4nLI4fBaw5mKqe1aNQY=
=G9kA
-----END PGP SIGNATURE-----

--
RHSA-announce mailing list
RHSA-announce@redhat.com
https://www.redhat.com/mailman/listinfo/rhsa-announce
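To confirm that the fixed build from the package list (tomcat6-6.0.24-111.el6_9) is what a host actually runs, the installed name-version-release has to be compared under rpm's ordering rules rather than as plain strings. The following is an added example, not part of this advisory and not Red Hat tooling: the `rpm -q`-style strings in it are constructed samples, the comparison re-implements rpmvercmp's digit/letter segment rules in Python (without epoch, tilde or caret handling, which these packages do not use), and the function names are the example's own.

```python
"""
Compare installed tomcat6 builds against the fixed build from
RHSA-2017:3080 (tomcat6-6.0.24-111.el6_9) using rpm's version ordering.
Added example, not part of the advisory; the host/package strings are
constructed, and rpmvercmp() is a Python re-implementation of rpm's
segment comparison (no epoch, '~' or '^' handling), not a librpm call.
"""
import re

FIXED = ("6.0.24", "111.el6_9")   # (version, release) from the advisory

_SEG = re.compile(r"[0-9]+|[a-zA-Z]+")


def rpmvercmp(a, b):
    """
    Compare two version or release strings the way rpm does: split each
    into runs of digits and runs of letters (separators only delimit),
    compare numbers numerically and letters as strings, a numeric segment
    beats an alphabetic one, and when all shared segments are equal the
    string with more segments is newer. Returns -1, 0 or 1.
    """
    sa, sb = _SEG.findall(a), _SEG.findall(b)
    for x, y in zip(sa, sb):
        xd, yd = x.isdigit(), y.isdigit()
        if xd and yd:
            xi, yi = int(x), int(y)
            if xi != yi:
                return (xi > yi) - (xi < yi)
        elif xd != yd:
            return 1 if xd else -1
        elif x != y:
            return (x > y) - (x < y)
    return (len(sa) > len(sb)) - (len(sa) < len(sb))


def parse_nvr(nvr):
    """Split 'name-version-release[.arch]' into (name, version, release)."""
    nvr = re.sub(r"\.(noarch|src|x86_64|i686)$", "", nvr.strip())
    name, version, release = nvr.rsplit("-", 2)
    return name, version, release


def is_fixed(nvr, fixed=FIXED):
    """True if the installed tomcat6 build is at or above the fixed build."""
    name, version, release = parse_nvr(nvr)
    if name != "tomcat6":
        raise ValueError("not a tomcat6 package: %s" % nvr)
    c = rpmvercmp(version, fixed[0])
    if c == 0:
        c = rpmvercmp(release, fixed[1])
    return c >= 0


# Constructed sample: 'rpm -q tomcat6' output collected from three hosts.
SAMPLE_HOSTS = {
    "web01": "tomcat6-6.0.24-98.el6_8.noarch",    # older build
    "web02": "tomcat6-6.0.24-111.el6_9.noarch",   # the fixed build
    "web03": "tomcat6-6.0.24-112.el6_9.noarch",   # hypothetical later build
}


def triage(hosts):
    """Map each host to 'ok' (fixed build or newer) or 'UPDATE'."""
    return {h: ("ok" if is_fixed(nvr) else "UPDATE") for h, nvr in hosts.items()}


if __name__ == "__main__":
    for host, verdict in sorted(triage(SAMPLE_HOSTS).items()):
        print("%s  %s  %s" % (host, SAMPLE_HOSTS[host], verdict))
```

On a real host the input is the output of `rpm -q tomcat6`; the `triage()` dictionary is the shape you get from gathering that across a fleet. Version ordering only says the fixed build is installed; verifying that the package really came from Red Hat is the separate signature check the advisory points to under section 6.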