=========================================================== Ubuntu Security Notice USN-1097-1 March 29, 2011 tomcat6 vulnerabilities CVE-2010-3718, CVE-2011-0013, CVE-2011-0534 =========================================================== A security issue affects the following Ubuntu releases: Ubuntu 9.10 Ubuntu 10.04 LTS Ubuntu 10.10 This advisory also applies to the corresponding versions of Kubuntu, Edubuntu, and Xubuntu. The problem can be corrected by upgrading your system to the following package versions: Ubuntu 9.10: libtomcat6-java 6.0.20-2ubuntu2.4 tomcat6-admin 6.0.20-2ubuntu2.4 Ubuntu 10.04 LTS: libtomcat6-java 6.0.24-2ubuntu1.7 tomcat6-admin 6.0.24-2ubuntu1.7 Ubuntu 10.10: libtomcat6-java 6.0.28-2ubuntu1.2 tomcat6-admin 6.0.28-2ubuntu1.2 In general, a standard system update will make all the necessary changes. Details follow: It was discovered that the Tomcat SecurityManager did not properly restrict the working directory. An attacker could use this flaw to read or write files outside of the intended working directory. (CVE-2010-3718) It was discovered that Tomcat did not properly escape certain parameters in the Manager application which could result in browsers becoming vulnerable to cross-site scripting attacks when processing the output. With cross-site scripting vulnerabilities, if a user were tricked into viewing server output during a crafted server request, a remote attacker could exploit this to modify the contents, or steal confidential data (such as passwords), within the same domain. (CVE-2011-0013) It was discovered that Tomcat incorrectly enforced the maxHttpHeaderSize limit in certain configurations. A remote attacker could use this flaw to cause Tomcat to consume all available memory, resulting in a denial of service. (CVE-2011-0534) Updated packages for Ubuntu 9.10: Source archives: http://security.ubuntu.com/ubuntu/pool/main/t/tomcat6/tomcat6_6.0.20-2ubuntu2.4.diff.gz Size/MD5: 30146 368440fa70bc0db3761dabf5f2709dda http://security.ubuntu.com/ubuntu/pool/main/t/tomcat6/tomcat6_6.0.20-2ubuntu2.4.dsc Size/MD5: 2199 24aa6255ebff7bd1eb07dfa60724e814 http://security.ubuntu.com/ubuntu/pool/main/t/tomcat6/tomcat6_6.0.20.orig.tar.gz Size/MD5: 3590562 44f49e7e14028b6a53c3c346bd18c72f Architecture independent packages: http://security.ubuntu.com/ubuntu/pool/main/t/tomcat6/libservlet2.5-java-doc_6.0.20-2ubuntu2.4_all.deb Size/MD5: 247668 768a68b87440f30367d7411d0577d165 http://security.ubuntu.com/ubuntu/pool/main/t/tomcat6/libservlet2.5-java_6.0.20-2ubuntu2.4_all.deb Size/MD5: 183426 ed8f02b43e199f809f41fae880766e87 http://security.ubuntu.com/ubuntu/pool/main/t/tomcat6/libtomcat6-java_6.0.20-2ubuntu2.4_all.deb Size/MD5: 2915040 4a12a41f6d19bd3b6ed60689ead5d006 http://security.ubuntu.com/ubuntu/pool/main/t/tomcat6/tomcat6-admin_6.0.20-2ubuntu2.4_all.deb Size/MD5: 39302 c03eff75d4c4ae56b31f93665851a13a http://security.ubuntu.com/ubuntu/pool/main/t/tomcat6/tomcat6-common_6.0.20-2ubuntu2.4_all.deb Size/MD5: 37028 5ecbb0f812963199b14d75f122f6e6f1 http://security.ubuntu.com/ubuntu/pool/main/t/tomcat6/tomcat6-docs_6.0.20-2ubuntu2.4_all.deb Size/MD5: 480530 f6b5cef256b51db43e6312aed3036bf6 http://security.ubuntu.com/ubuntu/pool/main/t/tomcat6/tomcat6-examples_6.0.20-2ubuntu2.4_all.deb Size/MD5: 419566 dbc1ceb31ccbd312b3b6e33bd1a852a2 http://security.ubuntu.com/ubuntu/pool/main/t/tomcat6/tomcat6-user_6.0.20-2ubuntu2.4_all.deb Size/MD5: 22166 68229ede69d18279fb42e8860b85dcb4 http://security.ubuntu.com/ubuntu/pool/main/t/tomcat6/tomcat6_6.0.20-2ubuntu2.4_all.deb Size/MD5: 26564 e476efe024c88de1af97d90e741f6861 Updated packages for Ubuntu 10.04 LTS: Source archives: http://security.ubuntu.com/ubuntu/pool/main/t/tomcat6/tomcat6_6.0.24-2ubuntu1.7.debian.tar.gz Size/MD5: 36286 14073ec9f0672f44cc6a32235e81c29d http://security.ubuntu.com/ubuntu/pool/main/t/tomcat6/tomcat6_6.0.24-2ubuntu1.7.dsc Size/MD5: 2405 6b7d220adbe7cd6be08219e82d9aa455 http://security.ubuntu.com/ubuntu/pool/main/t/tomcat6/tomcat6_6.0.24.orig.tar.gz Size/MD5: 3262568 0bc48af723d6fee31e404434b3744f66 Architecture independent packages: http://security.ubuntu.com/ubuntu/pool/main/t/tomcat6/libservlet2.5-java-doc_6.0.24-2ubuntu1.7_all.deb Size/MD5: 255654 3ce49af59adc048b9d09f8835872def6 http://security.ubuntu.com/ubuntu/pool/main/t/tomcat6/libservlet2.5-java_6.0.24-2ubuntu1.7_all.deb Size/MD5: 190998 5ada256123bf0f2caed7997bafc5a64f http://security.ubuntu.com/ubuntu/pool/main/t/tomcat6/libtomcat6-java_6.0.24-2ubuntu1.7_all.deb Size/MD5: 3008834 98b54b99e32a9438303232367b66d607 http://security.ubuntu.com/ubuntu/pool/main/t/tomcat6/tomcat6-admin_6.0.24-2ubuntu1.7_all.deb Size/MD5: 42308 50bc5b02ee89bcfb03db3008923b55de http://security.ubuntu.com/ubuntu/pool/main/t/tomcat6/tomcat6-common_6.0.24-2ubuntu1.7_all.deb Size/MD5: 46510 5be3c6ac05b1abd929f43b0fcfe48b90 http://security.ubuntu.com/ubuntu/pool/main/t/tomcat6/tomcat6-docs_6.0.24-2ubuntu1.7_all.deb Size/MD5: 510134 6a08a6206e048f73c57bb47e666e6033 http://security.ubuntu.com/ubuntu/pool/main/t/tomcat6/tomcat6-examples_6.0.24-2ubuntu1.7_all.deb Size/MD5: 158016 ba1ac786b1bae3b826b8760a0de2e2ff http://security.ubuntu.com/ubuntu/pool/main/t/tomcat6/tomcat6-user_6.0.24-2ubuntu1.7_all.deb Size/MD5: 25632 047bb156942e60dddb28002002c0bf82 http://security.ubuntu.com/ubuntu/pool/main/t/tomcat6/tomcat6_6.0.24-2ubuntu1.7_all.deb Size/MD5: 31636 24c8c29feaa4d0e54e47f4fcd521d7b8 Updated packages for Ubuntu 10.10: Source archives: http://security.ubuntu.com/ubuntu/pool/main/t/tomcat6/tomcat6_6.0.28-2ubuntu1.2.debian.tar.gz Size/MD5: 38583 a37a9a0eb6c8b47c02e68d3b2abf7bad http://security.ubuntu.com/ubuntu/pool/main/t/tomcat6/tomcat6_6.0.28-2ubuntu1.2.dsc Size/MD5: 2360 7195e057f375b37fb6bee143379aa709 http://security.ubuntu.com/ubuntu/pool/main/t/tomcat6/tomcat6_6.0.28.orig.tar.gz Size/MD5: 3114279 c3d696609054be07a55c14a7de1b8ddf Architecture independent packages: http://security.ubuntu.com/ubuntu/pool/main/t/tomcat6/libservlet2.5-java-doc_6.0.28-2ubuntu1.2_all.deb Size/MD5: 248152 d369aba28ffd0f4915cdfa5df802e8b2 http://security.ubuntu.com/ubuntu/pool/main/t/tomcat6/libservlet2.5-java_6.0.28-2ubuntu1.2_all.deb Size/MD5: 191768 6825151048eb76f3e689a544c8556b02 http://security.ubuntu.com/ubuntu/pool/main/t/tomcat6/libtomcat6-java_6.0.28-2ubuntu1.2_all.deb Size/MD5: 3025748 2a472cf2b6cb4db888267bc0929d6bf3 http://security.ubuntu.com/ubuntu/pool/main/t/tomcat6/tomcat6-admin_6.0.28-2ubuntu1.2_all.deb Size/MD5: 42910 2ece5f8876f3af69148d6e43fc76d5d5 http://security.ubuntu.com/ubuntu/pool/main/t/tomcat6/tomcat6-common_6.0.28-2ubuntu1.2_all.deb Size/MD5: 47558 f5e5851d790a889592ec76e39553a9a7 http://security.ubuntu.com/ubuntu/pool/main/t/tomcat6/tomcat6-docs_6.0.28-2ubuntu1.2_all.deb Size/MD5: 514046 759531246db94fed8d60aa3acf875e9a http://security.ubuntu.com/ubuntu/pool/main/t/tomcat6/tomcat6-examples_6.0.28-2ubuntu1.2_all.deb Size/MD5: 161072 ce091b828050a221a1b79665a3e36e9b http://security.ubuntu.com/ubuntu/pool/main/t/tomcat6/tomcat6-user_6.0.28-2ubuntu1.2_all.deb Size/MD5: 26196 cf4d5b3b1f61f30fe244cc51d11f1c10 http://security.ubuntu.com/ubuntu/pool/main/t/tomcat6/tomcat6_6.0.28-2ubuntu1.2_all.deb Size/MD5: 33088 1dbe58b7fda5951c3192f57671cb54bb