[CLSA-2022:1655757814] Fix CVE(s): CVE-2020-1938, CVE-2020-9484, CVE-2021-25329
Type:
security
Severity:
Critical
Release date:
2022-06-20 20:43:34 UTC
Description:
* Fix build process:
  - debian/keystores/*.pem|*.jks: update expiring certs and keystores
  - debian/patches/0028-update-expiring-test-certs.patch: update expiring test certs
  - debian/patches/0029-fix-path-to-valid-keystore.patch: fix path to valid keystore
  - debian/patches/0030-use-tls12-in-tests.patch: use TLSv1.2 protocol instead of TLSv1 for several tests
* SECURITY UPDATE: AJP Request Injection and potential Remote Code Execution
  - debian/patches/CVE-2020-1938-1.patch: rename requiredSecret to secret and add secretRequired
  - debian/patches/CVE-2020-1938-2.patch: refactor secret check
  - debian/patches/CVE-2020-1938-3.patch: add new AJP attribute allowedArbitraryRequestAttributes
  - debian/patches/CVE-2020-1938-4.patch: change the default bind address for AJP to the loopback address
  - CVE-2020-1938
* SECURITY UPDATE: Remote Code Execution via session persistence
  - debian/patches/CVE-2020-9484.patch: improve validation of storage location when using FileStore
  - CVE-2020-9484
* SECURITY UPDATE: Fix for CVE-2020-9484 was incomplete
  - debian/patches/CVE-2021-25329.patch: use consistent approach for sub-directory checking
  - CVE-2021-25329
Updated packages:
  • libservlet3.0-java_7.0.68-1ubuntu0.4+tuxcare.els1_all.deb
    sha:1ac80c267ebe536917077ee0599c7e99e124f62d
  • libservlet3.0-java-doc_7.0.68-1ubuntu0.4+tuxcare.els1_all.deb
    sha:5428cdde1f820c84286641ac89bfb6ee19545b80
  • libtomcat7-java_7.0.68-1ubuntu0.4+tuxcare.els1_all.deb
    sha:eadd9eb3bbfca5795d0029d1992c374a69778e7f
  • tomcat7_7.0.68-1ubuntu0.4+tuxcare.els1_all.deb
    sha:79f4822b569bb3e478b76f828c71e4dbc9ba309d
  • tomcat7-admin_7.0.68-1ubuntu0.4+tuxcare.els1_all.deb
    sha:935d12280bddb2bc8ccec01580eb116f7f956054
  • tomcat7-common_7.0.68-1ubuntu0.4+tuxcare.els1_all.deb
    sha:758ade8c5b6216763b12ea7f437490b361185916
  • tomcat7-docs_7.0.68-1ubuntu0.4+tuxcare.els1_all.deb
    sha:f61b9a18d81ec706bc407bc9153dff8d3139d584
  • tomcat7-examples_7.0.68-1ubuntu0.4+tuxcare.els1_all.deb
    sha:8ade094c213208189137957acab367b653885527
  • tomcat7-user_7.0.68-1ubuntu0.4+tuxcare.els1_all.deb
    sha:9f59f70f51672b1da58e3606a20e5b464d5d1df9
Notes:
This page is generated automatically and has not been checked for errors. For clarification or corrections please contact the CloudLinux Packaging Team.