[CLSA-2023:1686586672] Fix CVE(s): CVE-2020-1938, CVE-2022-42252
Type:
security
Severity:
Critical
Release date:
2023-06-12 16:17:57 UTC
Description:
* SECURITY UPDATE: Apache Tomcat request smuggling
  - debian/patches/CVE-2022-42252.patch: Requests with invalid content-length should always be rejected.
  - CVE-2022-42252
* SECURITY UPDATE: AJP Request Injection and potential Remote Code Execution
  - debian/patches/CVE-2020-1938.patch: Add new AJP attribute allowedRequestAttributesPattern. Rename requiredSecret to secret and add secretRequired. Change the default bind address for AJP to the loopback address.
  - CVE-2020-1938
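
An added example, not part of the advisory or of the Tomcat packages: a post-update audit of a `server.xml` for AJP connectors whose explicit settings undo the CVE-2020-1938 changes listed above. The sample XML and the function names are constructed for illustration, and the check assumes `secretRequired` defaults to true, as in upstream Tomcat.

```python
import ipaddress
import xml.etree.ElementTree as ET

# Constructed sample configuration (not taken from the advisory).
SAMPLE_SERVER_XML = """\
<Server>
  <Service name="Catalina">
    <Connector port="8080" protocol="HTTP/1.1"/>
    <Connector port="8009" protocol="AJP/1.3" address="0.0.0.0"
               requiredSecret="constructed-value" secretRequired="false"/>
    <Connector port="8010" protocol="AJP/1.3" address="127.0.0.1"
               secret="constructed-value"/>
  </Service>
</Server>
"""

def is_loopback(address):
    """True for loopback IP literals and the name 'localhost'."""
    try:
        return ipaddress.ip_address(address).is_loopback
    except ValueError:
        return address.lower() == "localhost"

def audit_ajp(server_xml):
    """Return {port: [findings]} for every AJP connector in server_xml."""
    report = {}
    for conn in ET.fromstring(server_xml).iter("Connector"):
        # Matches "AJP/1.3" as well as explicit AJP protocol class names.
        if "ajp" not in conn.get("protocol", "HTTP/1.1").lower():
            continue
        findings = []
        address = conn.get("address")
        # With no address attribute, the patched default (loopback) applies.
        if address is not None and not is_loopback(address):
            findings.append("address overrides the loopback default")
        if "requiredSecret" in conn.attrib:
            findings.append("requiredSecret was renamed to secret")
        # Assumption: secretRequired defaults to true when it is absent.
        if conn.get("secretRequired", "true").lower() == "false":
            findings.append("secretRequired is disabled")
        elif not (conn.get("secret") or conn.get("requiredSecret")):
            findings.append("no secret configured")
        report[conn.get("port")] = findings
    return report

if __name__ == "__main__":
    for port, findings in audit_ajp(SAMPLE_SERVER_XML).items():
        print(port, findings or "ok")
```
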
Updated packages:
  • libtomcat9-embed-java_9.0.16-3ubuntu0.18.04.2+tuxcare.els1_all.deb
    sha:a0879fd1d8138ccc3afd5bb896d27e2e34333347
  • libtomcat9-java_9.0.16-3ubuntu0.18.04.2+tuxcare.els1_all.deb
    sha:65cc901c1ec2497cb5438c9e540d1908dc071204
  • tomcat9_9.0.16-3ubuntu0.18.04.2+tuxcare.els1_all.deb
    sha:c1ed3040126532aaabaa4effdaf5e670de09435b
  • tomcat9-admin_9.0.16-3ubuntu0.18.04.2+tuxcare.els1_all.deb
    sha:97b7d836435e35cb19a5d1f79d976cd855953e97
  • tomcat9-common_9.0.16-3ubuntu0.18.04.2+tuxcare.els1_all.deb
    sha:1f6eac7296503d5714adcb8949bc92209e3eca75
  • tomcat9-docs_9.0.16-3ubuntu0.18.04.2+tuxcare.els1_all.deb
    sha:cf6063e1b3d76bc51794a34db19366873b9fb14e
  • tomcat9-examples_9.0.16-3ubuntu0.18.04.2+tuxcare.els1_all.deb
    sha:3c25c0234a296c5637652c5d51c29c607ad7bd22
  • tomcat9-user_9.0.16-3ubuntu0.18.04.2+tuxcare.els1_all.deb
    sha:fc382ddcebf466a4a29274e5685717080236369e
Notes:
This page is generated automatically and has not been checked for errors. For clarification or corrections please contact the CloudLinux Packaging Team.