[ubuntu/xenial-security] tomcat8 8.0.32-1ubuntu1.11 (Accepted)
Marc Deslauriers
marc.deslauriers at canonical.com
Mon Jan 27 15:02:00 UTC 2020
tomcat8 (8.0.32-1ubuntu1.11) xenial-security; urgency=medium
* SECURITY UPDATE: JMX interface authentication bypass
- debian/patches/CVE-2019-12418.patch: refactor JMX remote RMI registry
creation in JmxRemoteLifecycleListener.java.
- CVE-2019-12418
* SECURITY UPDATE: session fixation attack in FORM authentication
- debian/patches/CVE-2019-17563.patch: refactor so Principal is never
cached in session with cache==false in
java/org/apache/catalina/authenticator/AuthenticatorBase.java,
java/org/apache/catalina/authenticator/Constants.java,
java/org/apache/catalina/authenticator/FormAuthenticator.java.
- CVE-2019-17563
Date: 2020-01-24 18:43:14.062219+00:00
Changed-By: Marc Deslauriers <marc.deslauriers at canonical.com>
https://launchpad.net/ubuntu/+source/tomcat8/8.0.32-1ubuntu1.11
-------------- next part --------------
Sorry, changesfile not available.
More information about the Xenial-changes
mailing list