- Detalji os-a: WN7
- Važnost: IMP
- Operativni sustavi: L
- Kategorije: LUB
==========================================================================
Ubuntu Security Notice USN-3787-1
October 10, 2018
tomcat7, tomcat8 vulnerability
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
– Ubuntu 16.04 LTS
– Ubuntu 14.04 LTS
Summary:
Tomcat could be made to redirect to arbitrary locations.
Software Description:
– tomcat8: Servlet and JSP engine
– tomcat7: Servlet and JSP engine
Details:
It was discovered that Tomcat incorrectly handled returning redirects to a
directory. A remote attacker could possibly use this issue with a specially
crafted URL to redirect to arbitrary URIs.
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 16.04 LTS:
libtomcat8-java 8.0.32-1ubuntu1.8
tomcat8 8.0.32-1ubuntu1.8
Ubuntu 14.04 LTS:
libtomcat7-java 7.0.52-1ubuntu0.16
tomcat7 7.0.52-1ubuntu0.16
In general, a standard system update will make all the necessary changes.
References:
https://usn.ubuntu.com/usn/usn-3787-1
CVE-2018-11784
Package Information:
https://launchpad.net/ubuntu/+source/tomcat8/8.0.32-1ubuntu1.8
https://launchpad.net/ubuntu/+source/tomcat7/7.0.52-1ubuntu0.16
—–BEGIN PGP SIGNATURE—–
iQIzBAEBCgAdFiEEUMSg3c8x5FLOsZtRZWnYVadEvpMFAlu+Id4ACgkQZWnYVadE
vpOq8w//ejQx/hIOuyq0Ob/lpzKNtxykcaMGRJVhlwjrUn9ikPthvl1xcwJV7hts
NxqcieuYiwCSzSW8yA/EEWJ8/vAnuzwa0AEZEzHrH/mgCbJcy7nWKyR15tW28zo0
2Po6vzQILZAZdt/RA2EcMep78q7xMlUpHpx5tE0egnJy+f6SosWiOGZNuGsf2LYR
9JfZS5IxdMyHP1LbZBB8leeVsoo7zHEjPddxME8GDJWa/wJnxaOVrpFE3/oB04pn
T4tqaec8nNf5OdHF/o1RNVW9SPuZFgmH+aViADwqbrVAzmYZZkAkwrjZcEzoTN0g
EmtBQeHIS6AWI8n+7B/9G2KxnkayTPtUE5tWDU1UMMEQz7evJnjPZ8Lm01S1ubmP
841ZBBFlxn+Huv9gCnuiKkbMoJXbKzlncCE8pvYu3q7qQ3PJx8RZZGrOo1Pwpf+E
XyinsdRlc7aH9/Gy2s3wnVll1CdE/M28iXfJUe8SKY8VwAnK8mC/JcjidnEoXulK
Fhy7fmdX56HjlYhOahoedaGCerI9vWJiK3gliYtFvkWDU9HoXOUx2wlR4faZkgsu
MHrC4VWr0ufxlD534gqaszMcoWojU11w1n43P5Ix/nYAQOesFc4OLfPqwfuUEUEf
swo6AaNdFcsm/doDGjQyRA7AxW/Ghns0q0ig2cjzyoRV+qtyWLM=
=RmVZ
—–END PGP SIGNATURE—–
—
| Autor | Tomislav Protega |
| Cert id | NCERT-REF-2018-10-0001-ADV |
| Cve | CERT-CVE-DUMMY |
| ID izvornika | CERT-ORIGID-DUMMY |
| Proizvod | CERT-DUMMY-PRODUCT |
| Izvor | Adobe |
