Ubuntu
tomcat6 package

tomcat6 6.0.35-1ubuntu3.7 source package in Ubuntu

Changelog

tomcat6 (6.0.35-1ubuntu3.7) precise-security; urgency=medium

  * SECURITY UPDATE: directory traversal vulnerability in RequestUtil.java
    - debian/patches/CVE-2015-5174.patch: fix normalization edge cases in
      java/org/apache/tomcat/util/http/RequestUtil.java.
    - CVE-2015-5174
  * SECURITY UPDATE: information disclosure via redirects by mapper
    - debian/patches/CVE-2015-5345.patch: fix redirect logic in
      java/org/apache/catalina/Context.java,
      java/org/apache/catalina/authenticator/FormAuthenticator.java,
      java/org/apache/catalina/connector/MapperListener.java,
      java/org/apache/catalina/core/StandardContext.java,
      java/org/apache/catalina/core/mbeans-descriptors.xml,
      java/org/apache/catalina/servlets/DefaultServlet.java,
      java/org/apache/catalina/servlets/WebdavServlet.java,
      java/org/apache/tomcat/util/http/mapper/Mapper.java,
      webapps/docs/config/context.xml.
    - CVE-2015-5345
  * SECURITY UPDATE: securityManager restrictions bypass via
    StatusManagerServlet
    - debian/patches/CVE-2016-0706.patch: place servlet in restricted list
      in java/org/apache/catalina/core/RestrictedServlets.properties.
    - CVE-2016-0706
  * SECURITY UPDATE: securityManager restrictions bypass via
    session-persistence implementation
    - debian/patches/CVE-2016-0714.patch: extend the session attribute
      filtering options in
      java/org/apache/catalina/ha/session/mbeans-descriptors.xml,
      java/org/apache/catalina/session/LocalStrings.properties,
      java/org/apache/catalina/session/ManagerBase.java,
      java/org/apache/catalina/session/mbeans-descriptors.xml,
      webapps/docs/config/cluster-manager.xml,
      webapps/docs/config/manager.xml,
      java/org/apache/catalina/session/StandardManager.java,
      java/org/apache/catalina/util/CustomObjectInputStream.java.
    - CVE-2016-0714
  * SECURITY UPDATE: securityManager restrictions bypass via crafted global
    context
    - debian/patches/CVE-2016-0763.patch: protect initialization in
      java/org/apache/naming/factory/ResourceLinkFactory.java.
    - CVE-2016-0763
  * SECURITY UPDATE: denial of service in FileUpload
    - debian/patches/CVE-2016-3092.patch: properly handle size in
      java/org/apache/tomcat/util/http/fileupload/MultipartStream.java.
    - CVE-2016-3092

 -- Marc Deslauriers <email address hidden>  Wed, 29 Jun 2016 14:00:46 -0400

Upload details

Uploaded by:
Marc Deslauriers
Uploaded to:
Precise
Original maintainer:
Ubuntu Developers
Architectures:
all
Section:
java
Urgency:
Medium Urgency

See full publishing history Publishing

Series Pocket Published Component Section

Builds

Precise: [FULLYBUILT] i386

Downloads

File Size SHA-256 Checksum
tomcat6_6.0.35.orig.tar.gz 3.1 MiB d348778396d7dde5c290c87d18464f9abc3b6d4d5e9a8e6ba13c4eddfebe6ab8
tomcat6_6.0.35-1ubuntu3.7.debian.tar.gz 79.7 KiB 391d9102390fced99400ca7eb6ef6433d3a4341f21954ca750dc31c169e4fb1f
tomcat6_6.0.35-1ubuntu3.7.dsc 2.7 KiB b8425943034ac85913fbed162b8d7b80d15193b75457ed7d5fdf3f358c5645fe

View changes file

Binary packages built by this source

libservlet2.5-java: Servlet 2.5 and JSP 2.1 Java API classes

 Apache Tomcat implements the Java Servlet and the JavaServer Pages (JSP)
 specifications from Sun Microsystems, and provides a "pure Java" HTTP web
 server environment for Java code to run.
 .
 This package contains the Java Servlet and JSP library.

libservlet2.5-java-doc: Servlet 2.5 and JSP 2.1 Java API documentation

 Apache Tomcat implements the Java Servlet and the JavaServer Pages (JSP)
 specifications from Sun Microsystems, and provides a "pure Java" HTTP web
 server environment for Java code to run.
 .
 This package contains the documentation for the Java Servlet and JSP library.

libtomcat6-java: Servlet and JSP engine -- core libraries

 Apache Tomcat implements the Java Servlet and the JavaServer Pages (JSP)
 specifications from Sun Microsystems, and provides a "pure Java" HTTP web
 server environment for Java code to run.
 .
 This package contains the Tomcat core classes which can be used by other
 Java applications to embed Tomcat.

tomcat6: Servlet and JSP engine

 Apache Tomcat implements the Java Servlet and the JavaServer Pages (JSP)
 specifications from Sun Microsystems, and provides a "pure Java" HTTP web
 server environment for Java code to run.
 .
 This package contains only the startup scripts for the system-wide daemon.
 No documentation or web applications are included here, please install
 the tomcat6-docs and tomcat6-examples packages if you want them.
 Install the authbind package if you need to use Tomcat on ports 1-1023.
 Install tomcat6-user instead of this package if you don't want Tomcat to
 start as a service.

tomcat6-admin: Servlet and JSP engine -- admin web applications

 Apache Tomcat implements the Java Servlet and the JavaServer Pages (JSP)
 specifications from Sun Microsystems, and provides a "pure Java" HTTP web
 server environment for Java code to run.
 .
 This package contains the administrative web interfaces.

tomcat6-common: Servlet and JSP engine -- common files

 Apache Tomcat implements the Java Servlet and the JavaServer Pages (JSP)
 specifications from Sun Microsystems, and provides a "pure Java" HTTP web
 server environment for Java code to run.
 .
 This package contains common files needed by the tomcat6 and tomcat6-user
 packages (Tomcat 6 scripts and libraries).

tomcat6-docs: Servlet and JSP engine -- documentation

 Apache Tomcat implements the Java Servlet and the JavaServer Pages (JSP)
 specifications from Sun Microsystems, and provides a "pure Java" HTTP web
 server environment for Java code to run.
 .
 This package contains the online documentation web application.

tomcat6-examples: Servlet and JSP engine -- example web applications

 Apache Tomcat implements the Java Servlet and the JavaServer Pages (JSP)
 specifications from Sun Microsystems, and provides a "pure Java" HTTP web
 server environment for Java code to run.
 .
 This package contains the default Tomcat example webapps.

tomcat6-extras: Servlet and JSP engine -- additional components

 Apache Tomcat implements the Java Servlet and the JavaServer Pages (JSP)
 specifications from Sun Microsystems, and provides a "pure Java" HTTP web
 server environment for Java code to run.
 .
 This package contains additional ("extra") component libraries.
 (Currently only catalina-jmx-remote.jar.)

tomcat6-user: Servlet and JSP engine -- tools to create user instances

 Apache Tomcat implements the Java Servlet and the JavaServer Pages (JSP)
 specifications from Sun Microsystems, and provides a "pure Java" HTTP web
 server environment for Java code to run.
 .
 This package contains files needed to create a user Tomcat instance.
 This user Tomcat instance can be started and stopped using the scripts
 provided in the Tomcat instance directory.