[CLSA-2024:1705081413] Fix CVE(s): CVE-2023-46589
Type:
security
Severity:
Important
Release date:
2024-01-12 17:43:37 UTC
Description:
  * SECURITY UPDATE: Request smuggling
    - debian/patches/CVE-2023-46589-pre1.patch: Correct a regression in the error page handling that prevented error pages from issuing redirects or taking other action that required the response status code to be changed
    - debian/patches/CVE-2023-46589-pre2.patch: Align processing of trailer headers with standard processing
    - debian/patches/CVE-2023-46589-pre3.patch: Differentiate request cancellation from a bad request
    - debian/patches/CVE-2023-46589-pre4.patch: Use application provided status code for error page if present
    - debian/patches/CVE-2023-46589.patch: Ensure IOException on request read always triggers error handling
    - CVE-2023-46589
  * Internal tests:
    - debian/patches/0100-stop-testing-if-a-failure-occurs.patch: Stop testing if a failure occurs
    - debian/patches/0101-skipping-tests-incompatible-with-firewall.patch: Skipping tests incompatible with the firewall settings of the build system
    - debian/test_certs/user1.jks: Update the keystore file from the upstream branch 8.5.x
Updated packages:
  • libtomcat8-embed-java_8.5.39-1ubuntu1~18.04.3+tuxcare.els6_all.deb
    sha:07cce26a61b69ff6d96df455bb54c72f6bb6435d
  • libtomcat8-java_8.5.39-1ubuntu1~18.04.3+tuxcare.els6_all.deb
    sha:c211c8671268cbf28d5ede4c8aadb49d67049e8b
  • tomcat8_8.5.39-1ubuntu1~18.04.3+tuxcare.els6_all.deb
    sha:a79167c4a6f8746020c5f46f6ccc564d8505f3c5
  • tomcat8-admin_8.5.39-1ubuntu1~18.04.3+tuxcare.els6_all.deb
    sha:edbfdee19ae0fcb1826ed3191e00a8453fab2049
  • tomcat8-common_8.5.39-1ubuntu1~18.04.3+tuxcare.els6_all.deb
    sha:0543115c5a34c3d7c70a40e24b03b86a01251e88
  • tomcat8-docs_8.5.39-1ubuntu1~18.04.3+tuxcare.els6_all.deb
    sha:d5f3459186a0fdaaaf62ed124fab528a9450a830
  • tomcat8-examples_8.5.39-1ubuntu1~18.04.3+tuxcare.els6_all.deb
    sha:8c2d9c4547d2449bdac45945f4cebaea0da6aead
  • tomcat8-user_8.5.39-1ubuntu1~18.04.3+tuxcare.els6_all.deb
    sha:7833800a68293661edda75c429796db79c3fc1e0
Notes:
This page is generated automatically and has not been checked for errors. For clarification or corrections please contact the CloudLinux Packaging Team.