You are here
Home > Preporuke > Sigurnosni nedostaci programskog paketa tomcat8

Sigurnosni nedostaci programskog paketa tomcat8

—–BEGIN PGP SIGNED MESSAGE—–
Hash: SHA512

– ————————————————————————-
Debian Security Advisory DSA-4673-1 security@debian.org
https://www.debian.org/security/ Moritz Muehlenhoff
May 03, 2020 https://www.debian.org/security/faq
– ————————————————————————-

Package : tomcat8
CVE ID : CVE-2019-17569 CVE-2020-1935 CVE-2020-1938

Several vulnerabilities were discovered in the Tomcat servlet and JSP
engine, which could result in HTTP request smuggling and code execution
in the AJP connector (disabled by default in Debian).

For the oldstable distribution (stretch), these problems have been fixed
in version 8.5.54-0+deb9u1.

We recommend that you upgrade your tomcat8 packages.

For the detailed security status of tomcat8 please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/tomcat8

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org
—–BEGIN PGP SIGNATURE—–

iQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAl6vDOEACgkQEMKTtsN8
TjaAFRAAoAKw1AMWyaBUnxXpVwYqKvQ4CXcJxHCIAAFSQdMDLosTcKToyE3bzv13
UWZ1O7q4uMYhbyJv+bHzu4QTvWKAHAr/X8rdIe5d9FpzBGczWzAVOby4nLuXHSOj
Y83IdXtXM3DopRcqPS8dUzcoQ8U+fOcmZeIB48IAqbMW+Okum8yxjDW1fVx+hl07
oAOg8tJwdRddGq1/l1hjgsDqqN4y56rG9YNLNGHDrWI8z1iN5Wxf5mGoJjd+ebbc
gSRBxt5UYbiqE1FHVmM2EhSwoCsglYIKWYZQC1cg1WvoKDbqKpXB5TRYGWpB/FDN
5EPqEDJkiNf0+03mg+sa6ccY0bEDNJdZOiQKydopVu4Mh1BQ2oEQfBIc4eXPKCmK
0vV0Wdyfl1jQF4yo4vo7yQr4wbAJjLWJcg6pc/k4pwwZ2/wbnX/vbK+t0GpXfjnl
wPLp47H5Rg9/2xly4zbdRJxA5rS1tQ3ykLCkF5AA4kCLTwXsiFgFD5Ec3va9hw9h
VU15HO9UHDb8PUGGMTVCJzzBIdIREp3zjGI5g4TGU40BubdDaB20cmvKDrl5PFig
rco9lTz9K3ngBRgVs5gNGMCaRhcT90sWuNlMoSFeKx1GMknIMdMjuiVkMpMwdvO/
xZpvx+f3wL09FWzDBcObPxdFzLi0kA8L+refmEJ9jifzwnPWJX4=
=nZPM
—–END PGP SIGNATURE—–

Top
More in Preporuke
Sigurnosni nedostaci programskog paketa trafficserver

Otkriveni su sigurnosni nedostaci u programskom paketu trafficserver za operacijski sustav Debian. Otkriveni nedostaci potencijalnim udaljenim napadačima omogućuju zaobilaženje sigurnosnih...

Close