[Bug 909828] [NEW] Tomcat needs update to prevent hash function DoS attack
Sami Mäkinen
909828 at bugs.launchpad.net
Thu Dec 29 18:26:18 UTC 2011
*** This bug is a security vulnerability ***
Public security bug reported:
http://www.ocert.org/advisories/ocert-2011-003.html
Natty, Oneiric and any other still supported Ubuntu versions should
upgrade to Tomcat version 6.0.35, to protect against the rather nasty
attack described in the above security advisory.
Tomcat7 should be upgraded to 7.0.23.
ProblemType: Bug
DistroRelease: Ubuntu 11.10
Package: tomcat6 (not installed)
ProcVersionSignature: Ubuntu 3.0.0-14.23-generic 3.0.9
Uname: Linux 3.0.0-14-generic x86_64
NonfreeKernelModules: nvidia
ApportVersion: 1.23-0ubuntu4
Architecture: amd64
Date: Thu Dec 29 20:20:29 2011
InstallationMedia: Ubuntu 11.10 "Oneiric Ocelot" - Release amd64 (20111012)
ProcEnviron:
PATH=(custom, no user)
LANG=en_US.UTF-8
SHELL=/bin/bash
SourcePackage: tomcat6
UpgradeStatus: No upgrade log present (probably fresh install)
** Affects: tomcat6 (Ubuntu)
Importance: Undecided
Status: New
** Tags: natty oneiric
** Visibility changed to: Public
--
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to tomcat6 in Ubuntu.
https://bugs.launchpad.net/bugs/909828
Title:
Tomcat needs update to prevent hash function DoS attack
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/tomcat6/+bug/909828/+subscriptions
More information about the Ubuntu-server-bugs
mailing list