[ubuntu/xenial-updates] tomcat8 8.0.32-1ubuntu1.11 (Accepted)
Ubuntu Archive Robot
cjwatson+ubuntu-archive-robot at chiark.greenend.org.uk
Mon Jan 27 15:28:56 UTC 2020
tomcat8 (8.0.32-1ubuntu1.11) xenial-security; urgency=medium
* SECURITY UPDATE: JMX interface authentication bypass
- debian/patches/CVE-2019-12418.patch: refactor JMX remote RMI registry
creation in JmxRemoteLifecycleListener.java.
- CVE-2019-12418
* SECURITY UPDATE: session fixation attack in FORM authentication
- debian/patches/CVE-2019-17563.patch: refactor so Principal is never
cached in session with cache==false in
java/org/apache/catalina/authenticator/AuthenticatorBase.java,
java/org/apache/catalina/authenticator/Constants.java,
java/org/apache/catalina/authenticator/FormAuthenticator.java.
- CVE-2019-17563
Date: 2020-01-24 18:43:14.062219+00:00
Changed-By: Marc Deslauriers <marc.deslauriers at canonical.com>
Signed-By: Ubuntu Archive Robot <cjwatson+ubuntu-archive-robot at chiark.greenend.org.uk>
https://launchpad.net/ubuntu/+source/tomcat8/8.0.32-1ubuntu1.11
-------------- next part --------------
Sorry, changesfile not available.
More information about the Xenial-changes
mailing list