Tomcat9 - Ubuntu 20.04 x64
Ralf Mardorf
ralf.mardorf at alice-dsl.net
Tue Nov 15 16:57:02 UTC 2022
On Mon, 2022-11-14 at 16:00 +0000, Brad Turnbough wrote:
> Can someone look into getting this package updated in order to resolve
> this vulnerability?
Hi,
why should a release model distro, especially a long term support
release model distro, update to another software version? This doesn't
make much sense. Maybe a security fix was already backported, maybe not.
What vulnerabilities were mentioned by your snake oil scan?
Without having it installed on my machine, just doing 1 minute of
Internet research, "Denial of Service" was found several times for Ubuntu
related to Tomcat. Maybe it's a vulnerability that is already fixed?
"[...]* SECURITY UPDATE: TLS Denial of Service
diff -Nru tomcat9-9.0.31/debian/logrotate.template tomcat9-
9.0.31/debian/logrotate.template [...]" -
http://launchpadlibrarian.net/618600500/tomcat9_9.0.31-1ubuntu0.2_9.0.31-1ubuntu0.3.diff.gz
"[...] leading to a denial of service [...]"
https://bugs.launchpad.net/ubuntu/+source/tomcat9/+bug/1888848
https://ubuntu.com/security/notices/USN-4596-1
The changelog is installed on your machine; you can simply grep the
changelog for "Denial" and related terms. You don't even need to do the
research on the Internet.
Regards,
Ralf
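
The changelog check suggested in the message above, as an added example that is not part of the original post: a shell function that lists security-related changelog entries next to the package version they belong to, so a scanner finding can be compared with what was backported. The changelog path in the usage comment follows the usual Debian/Ubuntu convention; the sample changelog, its CVE id, distribution name and maintainer line are constructed placeholders.

```shell
#!/bin/sh
# Added example (not from the original message): list security-related
# entries of a Debian-format changelog with the version they belong to.
# Typical call, assuming the usual Debian/Ubuntu changelog location:
#   changelog_security_entries /usr/share/doc/tomcat9/changelog.Debian.gz

changelog_security_entries() {
    # Plain or gzip-compressed file; no argument or "-" reads stdin.
    file="${1:--}"
    if [ "$file" != "-" ] && gzip -t "$file" 2>/dev/null; then
        gzip -dc "$file"
    else
        cat "$file"
    fi | awk '
        # Stanza header: "package (version) distribution; urgency=..."
        /^[a-z0-9][a-z0-9+.-]* \(.*\) / {
            version = $2
            gsub(/[()]/, "", version)
            next
        }
        # Entries worth reading: security markers, CVE ids, DoS wording.
        /SECURITY UPDATE|CVE-[0-9]+-[0-9]+|[Dd]enial [Oo]f [Ss]ervice/ {
            line = $0
            sub(/^[ \t]*[*-]?[ \t]*/, "", line)
            printf "%s\t%s\n", version, line
        }
    '
}

# Constructed sample changelog: the CVE id, dates and maintainer are
# placeholders, not values taken from the real tomcat9 package.
sample_changelog() {
    cat <<'EOF'
tomcat9 (9.0.31-1ubuntu0.3) focal-security; urgency=medium

  * SECURITY UPDATE: TLS Denial of Service
    - debian/patches/CVE-0000-00000.patch: placeholder patch name.

 -- Example Maintainer <maintainer@example.invalid>  Mon, 01 Jan 2001 00:00:00 +0000

tomcat9 (9.0.31-1) unstable; urgency=medium

  * New upstream release

 -- Example Maintainer <maintainer@example.invalid>  Mon, 01 Jan 2001 00:00:00 +0000
EOF
}
```

Compare the versions it prints with the installed version reported by `dpkg -s tomcat9` to see whether a given fix is already present.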