You are here
Home > Preporuke > Sigurnosni nedostatak programskih paketa tomcat7, tomcat8

Sigurnosni nedostatak programskih paketa tomcat7, tomcat8

by - 0

==========================================================================
Ubuntu Security Notice USN-3787-1
October 10, 2018

tomcat7, tomcat8 vulnerability
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

– Ubuntu 16.04 LTS
– Ubuntu 14.04 LTS

Summary:

Tomcat could be made to redirect to arbitrary locations.

Software Description:
– tomcat8: Servlet and JSP engine
– tomcat7: Servlet and JSP engine

Details:

It was discovered that Tomcat incorrectly handled returning redirects to a
directory. A remote attacker could possibly use this issue with a specially
crafted URL to redirect to arbitrary URIs.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 16.04 LTS:
libtomcat8-java 8.0.32-1ubuntu1.8
tomcat8 8.0.32-1ubuntu1.8

Ubuntu 14.04 LTS:
libtomcat7-java 7.0.52-1ubuntu0.16
tomcat7 7.0.52-1ubuntu0.16

In general, a standard system update will make all the necessary changes.

References:
https://usn.ubuntu.com/usn/usn-3787-1
CVE-2018-11784

Package Information:
https://launchpad.net/ubuntu/+source/tomcat8/8.0.32-1ubuntu1.8
https://launchpad.net/ubuntu/+source/tomcat7/7.0.52-1ubuntu0.16

—–BEGIN PGP SIGNATURE—–

iQIzBAEBCgAdFiEEUMSg3c8x5FLOsZtRZWnYVadEvpMFAlu+Id4ACgkQZWnYVadE
vpOq8w//ejQx/hIOuyq0Ob/lpzKNtxykcaMGRJVhlwjrUn9ikPthvl1xcwJV7hts
NxqcieuYiwCSzSW8yA/EEWJ8/vAnuzwa0AEZEzHrH/mgCbJcy7nWKyR15tW28zo0
2Po6vzQILZAZdt/RA2EcMep78q7xMlUpHpx5tE0egnJy+f6SosWiOGZNuGsf2LYR
9JfZS5IxdMyHP1LbZBB8leeVsoo7zHEjPddxME8GDJWa/wJnxaOVrpFE3/oB04pn
T4tqaec8nNf5OdHF/o1RNVW9SPuZFgmH+aViADwqbrVAzmYZZkAkwrjZcEzoTN0g
EmtBQeHIS6AWI8n+7B/9G2KxnkayTPtUE5tWDU1UMMEQz7evJnjPZ8Lm01S1ubmP
841ZBBFlxn+Huv9gCnuiKkbMoJXbKzlncCE8pvYu3q7qQ3PJx8RZZGrOo1Pwpf+E
XyinsdRlc7aH9/Gy2s3wnVll1CdE/M28iXfJUe8SKY8VwAnK8mC/JcjidnEoXulK
Fhy7fmdX56HjlYhOahoedaGCerI9vWJiK3gliYtFvkWDU9HoXOUx2wlR4faZkgsu
MHrC4VWr0ufxlD534gqaszMcoWojU11w1n43P5Ix/nYAQOesFc4OLfPqwfuUEUEf
swo6AaNdFcsm/doDGjQyRA7AxW/Ghns0q0ig2cjzyoRV+qtyWLM=
=RmVZ
—–END PGP SIGNATURE—–

Top
More in Preporuke
Nadogradnja za Microsoft Office for Mac

Microsoft je izdao nadogradnju za otklanjanje ranjivosti u programskom paketu Microsoft Office 2016 for Mac. Ranjivosti su pronađene u komponenti...

Close