tomcat8 8.0.37-1ubuntu0.1 source package in Ubuntu

Changelog

tomcat8 (8.0.37-1ubuntu0.1) yakkety-security; urgency=medium

  * SECURITY UPDATE: HTTP response injection via invalid characters
    - debian/patches/CVE-2016-6816.patch: add additional checks for valid
      characters in java/org/apache/coyote/http11/AbstractInputBuffer.java,
      java/org/apache/coyote/http11/AbstractNioInputBuffer.java,
      java/org/apache/coyote/http11/InternalAprInputBuffer.java,
      java/org/apache/coyote/http11/InternalInputBuffer.java,
      java/org/apache/coyote/http11/LocalStrings.properties,
      java/org/apache/tomcat/util/http/parser/HttpParser.java.
    - CVE-2016-6816
  * SECURITY UPDATE: remote code execution via JmxRemoteLifecycleListener
    - debian/patches/CVE-2016-8735.patch: explicitly configure allowed
      credential types in
      java/org/apache/catalina/mbeans/JmxRemoteLifecycleListener.java.
    - CVE-2016-8735
  * SECURITY UPDATE: information leakage between requests
    - debian/patches/CVE-2016-8745.patch: properly handle cache when unable
      to complete sendfile request in
      java/org/apache/tomcat/util/net/NioEndpoint.java.
    - CVE-2016-8745
  * SECURITY UPDATE: privilege escalation during package upgrade
    - debian/rules, debian/tomcat8.postinst: properly set permissions on
      /etc/tomcat8/Catalina/localhost.
    - CVE-2016-9774
  * SECURITY UPDATE: privilege escalation during package removal
    - debian/tomcat8.postrm.in: don't reset permissions before removing
      user.
    - CVE-2016-9775
  * debian/tomcat8.init: further hardening.

 -- Marc Deslauriers <email address hidden>  Fri, 13 Jan 2017 10:48:08 -0500

Upload details

Uploaded by:
Marc Deslauriers on 2017-01-18
Uploaded to:
Yakkety
Original maintainer:
Ubuntu Developers
Architectures:
all
Section:
java
Urgency:
Medium Urgency

See full publishing history Publishing

Series Pocket Published Component Section

Builds

Yakkety: [FULLYBUILT] amd64

Downloads

File Size SHA-256 Checksum
tomcat8_8.0.37.orig.tar.xz 3.3 MiB 1ae2c181e1be0e2309712ab597ff0466870bbecd19d5031e60ce63f9d726a55c
tomcat8_8.0.37-1ubuntu0.1.debian.tar.xz 41.6 KiB 3f0b9cb5de3da1639ef5aa3dfc39a9a620ef591707164646d3462baf2f132457
tomcat8_8.0.37-1ubuntu0.1.dsc 2.9 KiB 1d320fdb959cf4a7397c3e8e587f040d48f24523d36ca4396d552d6653645eae

View changes file

Binary packages built by this source

libservlet3.1-java: No summary available for libservlet3.1-java in ubuntu yakkety.

No description available for libservlet3.1-java in ubuntu yakkety.

libservlet3.1-java-doc: No summary available for libservlet3.1-java-doc in ubuntu yakkety.

No description available for libservlet3.1-java-doc in ubuntu yakkety.

libtomcat8-java: No summary available for libtomcat8-java in ubuntu yakkety.

No description available for libtomcat8-java in ubuntu yakkety.

tomcat8: No summary available for tomcat8 in ubuntu yakkety.

No description available for tomcat8 in ubuntu yakkety.

tomcat8-admin: No summary available for tomcat8-admin in ubuntu yakkety.

No description available for tomcat8-admin in ubuntu yakkety.

tomcat8-common: No summary available for tomcat8-common in ubuntu yakkety.

No description available for tomcat8-common in ubuntu yakkety.

tomcat8-docs: No summary available for tomcat8-docs in ubuntu yakkety.

No description available for tomcat8-docs in ubuntu yakkety.

tomcat8-examples: No summary available for tomcat8-examples in ubuntu yakkety.

No description available for tomcat8-examples in ubuntu yakkety.

tomcat8-user: No summary available for tomcat8-user in ubuntu yakkety.

No description available for tomcat8-user in ubuntu yakkety.