[CLSA-2023:1686586528] Fix CVE(s): CVE-2020-1938, CVE-2022-42252
Type:
security
Severity:
Critical
Release date:
2023-06-12 16:15:33 UTC
Description:
* SECURITY UPDATE: Apache Tomcat request smuggling
  - debian/patches/CVE-2022-42252.patch: Requests with invalid content-length should always be rejected.
  - CVE-2022-42252
* SECURITY UPDATE: AJP Request Injection and potential Remote Code Execution
  - debian/patches/CVE-2020-1938.patch: Add new AJP attribute allowedRequestAttributesPattern. Rename requiredSecret to secret and add secretRequired. Change the default bind address for AJP to the loopback address.
  - CVE-2020-1938
Updated packages:
  • libtomcat8-embed-java_8.5.39-1ubuntu1~18.04.3+tuxcare.els1_all.deb
    sha:606bc263ec2532f472715131b83668d4b81e14f8
  • libtomcat8-java_8.5.39-1ubuntu1~18.04.3+tuxcare.els1_all.deb
    sha:50b362bd9d3914042ae66c2ad770cbe192f8f269
  • tomcat8_8.5.39-1ubuntu1~18.04.3+tuxcare.els1_all.deb
    sha:c5d2ec8970343cf549f686a6fd0d84fd62e33c7c
  • tomcat8-admin_8.5.39-1ubuntu1~18.04.3+tuxcare.els1_all.deb
    sha:9a27099fc984d8c9f4959d1afe0943a633d63120
  • tomcat8-common_8.5.39-1ubuntu1~18.04.3+tuxcare.els1_all.deb
    sha:3954a4dd43221520a0c5c3f3c358601f01812634
  • tomcat8-docs_8.5.39-1ubuntu1~18.04.3+tuxcare.els1_all.deb
    sha:9f28970bdd29f057f47bff8a5189b144c16c7be5
  • tomcat8-examples_8.5.39-1ubuntu1~18.04.3+tuxcare.els1_all.deb
    sha:2f0ccb9879d0ee54c9cbcc1795715d0da9dff96c
  • tomcat8-user_8.5.39-1ubuntu1~18.04.3+tuxcare.els1_all.deb
    sha:61b380b493c7361e5ef371b20740c491ecb25583
Notes:
This page is generated automatically and has not been checked for errors. For clarification or corrections please contact the CloudLinux Packaging Team.