[SECURITY] Fedora 7 Update: tomcat5-5.5.25-1jpp.1.fc7

updates at fedoraproject.org updates at fedoraproject.org
Sat Nov 17 05:34:43 UTC 2007


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2007-3456
2007-11-17 05:34:34.162575
--------------------------------------------------------------------------------

Name        : tomcat5
Product     : Fedora 7
Version     : 5.5.25
Release     : 1jpp.1.fc7
URL         : http://tomcat.apache.org
Summary     : Apache Servlet/JSP Engine, RI for Servlet 2.4/JSP 2.0 API
Description :
Tomcat is the servlet container that is used in the official Reference
Implementation for the Java Servlet and JavaServer Pages technologies.
The Java Servlet and JavaServer Pages specifications are developed by
Sun under the Java Community Process.

Tomcat is developed in an open and participatory environment and
released under the Apache Software License. Tomcat is intended to be
a collaboration of the best-of-breed developers from around the world.
We invite you to participate in this open development project. To
learn more about getting involved, click here.

--------------------------------------------------------------------------------
Update Information:

Updated Tomcat5 packages that fix several security bugs are now available for Fedora Core 7.

This update includes fixes to the following:

* CVE-2007-1355
* CVE-2007-3386
* CVE-2007-3385
* CVE-2007-3382
* CVE-2007-2450
* CVE-2007-2449
* CVE-2007-5461
* CVE-2007-1358

All users of tomcat are advised to update to these packages.
--------------------------------------------------------------------------------
ChangeLog:

* Thu Nov 15 2007 Devrim GUNDUZ <devrim at commandprompt.com> 0:5.5.25-1jpp.1
- Updated to 5.5.25, to fix the following issues:
  * CVE-2007-1355
  * CVE-2007-3386
  * CVE-2007-3385
  * CVE-2007-3382
  * CVE-2007-2450, RH bugzilla #244808, #244810, #244812, #363081
  * CVE-2007-2449, RH bugzilla #244810, #244812, #244804, #363081
- Applied patch(20) for RH bugzilla #333791, CVE-2007-5461 
- Applied patch(21) for RH bugzilla #244803, #244812, #363081, CVE-2007-1358
* Mon Aug  6 2007 Ben Konrath <bkonrath at redhat.com> 0:5.5.23-9jpp.4
- Add jasper-eclipse subpackage which is needed for eclipse 3.3.
- Inject OSGi manifest into servlet api jar and jsp api jar.
* Mon Jul 23 2007 Vivek Lakshmanan <vivekl at redhat.com> 0:5.5.23-9jpp.3
- Resolves: Bug 246374
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #244810 - CVE-2007-1358 CVE-2007-2449 CVE-2007-2450 tomcat5 various flaws [F7]
        https://bugzilla.redhat.com/show_bug.cgi?id=244810
  [ 2 ] Bug #244804 - CVE-2007-2449 tomcat examples jsp XSS
        https://bugzilla.redhat.com/show_bug.cgi?id=244804
  [ 3 ] Bug #247994 - CVE-2007-3386 tomcat host manager xss
        https://bugzilla.redhat.com/show_bug.cgi?id=247994
  [ 4 ] Bug #247972 - CVE-2007-3382 tomcat handling of cookies
        https://bugzilla.redhat.com/show_bug.cgi?id=247972
  [ 5 ] Bug #244803 - CVE-2007-1358 tomcat accept-language xss flaw
        https://bugzilla.redhat.com/show_bug.cgi?id=244803
  [ 6 ] Bug #244808 - CVE-2007-2450 tomcat host manager XSS
        https://bugzilla.redhat.com/show_bug.cgi?id=244808
  [ 7 ] Bug #247976 - CVE-2007-3385 tomcat handling of cookie values
        https://bugzilla.redhat.com/show_bug.cgi?id=247976
  [ 8 ] Bug #253166 - CVE-2007-1355 tomcat XSS in samples
        https://bugzilla.redhat.com/show_bug.cgi?id=253166
--------------------------------------------------------------------------------
Updated packages:

29977b4e89d5e04476398fad3bae5fd4e22bffa9 tomcat5-servlet-2.4-api-5.5.25-1jpp.1.fc7.ppc64.rpm
c5dd7e172b145bdf29f9deb131e805f1c447557f tomcat5-jasper-javadoc-5.5.25-1jpp.1.fc7.ppc64.rpm
7bdd8fa493de9903ea415b5174b22f6645ca1cf1 tomcat5-5.5.25-1jpp.1.fc7.ppc64.rpm
bf244d2ed8621375ff20254f04f2151913066add tomcat5-admin-webapps-5.5.25-1jpp.1.fc7.ppc64.rpm
3cefddf2a847eafd087eacebc61919234528bc95 tomcat5-jasper-5.5.25-1jpp.1.fc7.ppc64.rpm
369f324c76022781d2de7bbe285613c1b9309df1 tomcat5-webapps-5.5.25-1jpp.1.fc7.ppc64.rpm
eb9ef6a68e1e08f7ddc01ba8d3e00727bc93cda8 tomcat5-servlet-2.4-api-javadoc-5.5.25-1jpp.1.fc7.ppc64.rpm
006bd8442c9935d3f5e8a15995b2b273e9349e35 tomcat5-jsp-2.0-api-5.5.25-1jpp.1.fc7.ppc64.rpm
8c1144ffa30c0cc88dcbf78215ce785e70d0942e tomcat5-debuginfo-5.5.25-1jpp.1.fc7.ppc64.rpm
ed60501b657039e91030b9f72036eba75ca54a9e tomcat5-jsp-2.0-api-javadoc-5.5.25-1jpp.1.fc7.ppc64.rpm
fbc4dcd03400b6670b149a9562e8ca1ce4ad6285 tomcat5-server-lib-5.5.25-1jpp.1.fc7.ppc64.rpm
f941b0911bf122d42c682604d23ff283e904107a tomcat5-jasper-eclipse-5.5.25-1jpp.1.fc7.ppc64.rpm
dfc5f65705a9c5d0227d8f1475cb00559bb5ef42 tomcat5-common-lib-5.5.25-1jpp.1.fc7.ppc64.rpm
fdcba159b75597000c4bed1709916d21704bf8d7 tomcat5-jasper-5.5.25-1jpp.1.fc7.i386.rpm
be063a63d8bdde4b900130e0be70e07421a3962f tomcat5-5.5.25-1jpp.1.fc7.i386.rpm
dc0ee1cd18bba3623e81972f5711f17a60db0794 tomcat5-jsp-2.0-api-5.5.25-1jpp.1.fc7.i386.rpm
7f36f227aa9616f629446533011b0cbc34e2cb57 tomcat5-servlet-2.4-api-javadoc-5.5.25-1jpp.1.fc7.i386.rpm
b730312ac8301dbecfaafaac8bd5270b66b4a288 tomcat5-admin-webapps-5.5.25-1jpp.1.fc7.i386.rpm
eab2b1c3a99ab81c1e955dbee89ac21ee3c6763c tomcat5-servlet-2.4-api-5.5.25-1jpp.1.fc7.i386.rpm
72cec5414c81397ec050f1e41726dcbdced3820d tomcat5-jsp-2.0-api-javadoc-5.5.25-1jpp.1.fc7.i386.rpm
7f9914019fd60213976dca16204f00e55f5d0b24 tomcat5-jasper-eclipse-5.5.25-1jpp.1.fc7.i386.rpm
333ed1588c7f1c501ad26a3053ad65df36911ab9 tomcat5-jasper-javadoc-5.5.25-1jpp.1.fc7.i386.rpm
2588d982a8e6e11645d6f0a9bc778045bdde38c3 tomcat5-server-lib-5.5.25-1jpp.1.fc7.i386.rpm
033cfcf51af6935d0d385a6eb49f085a38b224ce tomcat5-common-lib-5.5.25-1jpp.1.fc7.i386.rpm
7b10de0193f0cedb09fc1f3235a92195ee46fa3e tomcat5-debuginfo-5.5.25-1jpp.1.fc7.i386.rpm
b999a040e3ddbc216c19e5fb97de40e4d0aad290 tomcat5-webapps-5.5.25-1jpp.1.fc7.i386.rpm
ea30ef0a5ab112abd55aa077530d6238fe713926 tomcat5-jasper-5.5.25-1jpp.1.fc7.x86_64.rpm
2dab9e93e6d8382646b25aef84a1835747da57ca tomcat5-admin-webapps-5.5.25-1jpp.1.fc7.x86_64.rpm
324bd2bb4ebf0eec5d1ff8a68faea33464f5d511 tomcat5-jasper-javadoc-5.5.25-1jpp.1.fc7.x86_64.rpm
1aeb59f59ed6ce21b6eeb624d764719b3ffa9f78 tomcat5-server-lib-5.5.25-1jpp.1.fc7.x86_64.rpm
f5ffdb4016d31dd24ff231f83fd8e012a08c897f tomcat5-servlet-2.4-api-javadoc-5.5.25-1jpp.1.fc7.x86_64.rpm
74be5fc50f1e1b0abfd359ee614ffac8273adcb0 tomcat5-jasper-eclipse-5.5.25-1jpp.1.fc7.x86_64.rpm
7709f46dae55d6f5e29a2a6df20f4e403401ff1b tomcat5-webapps-5.5.25-1jpp.1.fc7.x86_64.rpm
8ce01c3f60a26b7531831463572fa25569c5d4d2 tomcat5-5.5.25-1jpp.1.fc7.x86_64.rpm
f670fac3ab41180cf95adc32fae3ac65fcb66071 tomcat5-debuginfo-5.5.25-1jpp.1.fc7.x86_64.rpm
e515274b55df23f41040cea791ef6484f9868758 tomcat5-jsp-2.0-api-5.5.25-1jpp.1.fc7.x86_64.rpm
57984b30cd2ee48376631dd60ba42593b3c8b44c tomcat5-common-lib-5.5.25-1jpp.1.fc7.x86_64.rpm
3fff5ed978bbecdb306d47591c5dbbc1ff9d7f92 tomcat5-jsp-2.0-api-javadoc-5.5.25-1jpp.1.fc7.x86_64.rpm
2d35e44e2051d8c021996faaaaff5f7b9147f2a7 tomcat5-servlet-2.4-api-5.5.25-1jpp.1.fc7.x86_64.rpm
25f4846fc37192f64cd15aef10b45d51cb2c8fe6 tomcat5-admin-webapps-5.5.25-1jpp.1.fc7.ppc.rpm
5c654cdaaea3263c5867c53e86592e03d8663dc2 tomcat5-debuginfo-5.5.25-1jpp.1.fc7.ppc.rpm
15b452516f3d7282bb8d61df9f63bdb4127a154d tomcat5-servlet-2.4-api-javadoc-5.5.25-1jpp.1.fc7.ppc.rpm
5633feb2e7f3bf95cba8ee778ed6b0b99aa714a6 tomcat5-jsp-2.0-api-javadoc-5.5.25-1jpp.1.fc7.ppc.rpm
a90c317f153024cd76cea3db2433e10014f6d842 tomcat5-jasper-5.5.25-1jpp.1.fc7.ppc.rpm
ab20945fdbbc00499c56e9e6421d3c8a0f0a240a tomcat5-webapps-5.5.25-1jpp.1.fc7.ppc.rpm
9c207f54f5c4b229efba97e512a881e244051c5c tomcat5-servlet-2.4-api-5.5.25-1jpp.1.fc7.ppc.rpm
696bc2a064f0516b14b5b63abc2ca7839dcd05da tomcat5-jasper-javadoc-5.5.25-1jpp.1.fc7.ppc.rpm
4d0f3594739f884c10aa52736f086fbbb8f5e568 tomcat5-common-lib-5.5.25-1jpp.1.fc7.ppc.rpm
3b6af15c12242dbaafba10d1a85dcf7ed2884d08 tomcat5-5.5.25-1jpp.1.fc7.ppc.rpm
2427fdd06da0a81c6f4a97a84443979ea4cfbec3 tomcat5-jsp-2.0-api-5.5.25-1jpp.1.fc7.ppc.rpm
5700d6707e39f08553b4504ec83a7b2858c809ca tomcat5-jasper-eclipse-5.5.25-1jpp.1.fc7.ppc.rpm
873e9b36a8399d52d337ce23b9cde2a4ea82ef93 tomcat5-server-lib-5.5.25-1jpp.1.fc7.ppc.rpm
df5476a26366a63c13fe4d6ca1f84f30ec2d8f51 tomcat5-5.5.25-1jpp.1.fc7.src.rpm

This update can be installed with the "yum" update program.  Use 
su -c 'yum update tomcat5' 
at the command line.  For more information, refer to "Managing Software
with yum", available at http://docs.fedoraproject.org/yum/.
--------------------------------------------------------------------------------




More information about the package-announce mailing list