You are here
Home > Preporuke > Sigurnosni nedostaci programskog paketa tomcat8

Sigurnosni nedostaci programskog paketa tomcat8

  • Detalji os-a: WN7
  • Važnost: IMP
  • Operativni sustavi: L
  • Kategorije: LDE

—–BEGIN PGP SIGNED MESSAGE—–
Hash: SHA512

– ————————————————————————-
Debian Security Advisory DSA-4281-1 security@debian.org
https://www.debian.org/security/ Sebastien Delafond
August 29, 2018 https://www.debian.org/security/faq
– ————————————————————————-

Package : tomcat8
CVE ID : CVE-2018-1304 CVE-2018-1305 CVE-2018-1336 CVE-2018-8034
CVE-2018-8037
Debian Bug : 867247

Several issues were discovered in the Tomcat servlet and JSP
engine. They could lead to unauthorized access to protected resources,
denial-of-service, or information leak.

For the stable distribution (stretch), these problems have been fixed in
version 8.5.14-1+deb9u3.

We recommend that you upgrade your tomcat8 packages.

For the detailed security status of tomcat8 please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/tomcat8

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org
—–BEGIN PGP SIGNATURE—–

iQEzBAEBCgAdFiEEAqSkbVtrXP4xJMh3EL6Jg/PVnWQFAluGMXcACgkQEL6Jg/PV
nWTlIQf/YJ26WE/GjwkfbxFytqCALb1adfPw+IVbeOu4LWcdlOo/GHMste6wH62E
KERulPQ0UHJXlA1FsLf7BMiJs6pWyHG3/vT9E9Wgdahx6dTGXpt+lRi4ghf3+JfP
suNYJUjNHx5z9LovJSZxByLLM1vDJMCgX4aR8if8Qx96nN3usa3Cx3VNevDqfuLV
79hgCZzghJFNnaMBIp0mEuDyep6wFbOtmsXU1ehGm1JfjKfTnR+N5wPYxWy3J1xg
Qba9UPEcIjYTQyn5JUYhBaQtoBTWohwK2+E1ldawG6epAPpVDm6FggT8GATYIXn0
auihjX3ZzxxZ7dY8bgAVDR7l/NOr5g==
=cibE
—–END PGP SIGNATURE—–

AutorZvonimir Bosnjak
Cert idNCERT-REF-2018-08-0001-ADV
CveCERT-CVE-DUMMY
ID izvornikaCERT-ORIGID-DUMMY
ProizvodCERT-DUMMY-PRODUCT
IzvorAdobe
Top
More in Preporuke
Ranjivost Cisco Data Center Network Manager softvera

Otkrivena je ranjivost Cisco Data Center Network Manager softvera koja omogućuje izvođenje 'directory traversal' napada. Ranjivost je posljedica neispravne validacije...

Close