Release date:
2024-12-24 18:41:58 UTC
Description:
* SECURITY UPDATE: Missing secure attribute in session cookies when using
RemoteIpFilter with X-Forwarded-Proto header set to https
- debian/patches/CVE-2023-28708.patch: Fix JSessionId secure attribute
missing when RemoteIpFilter determines request submitted via secure
channel
- CVE-2023-28708
Updated packages:
-
libtomcat9-embed-java_9.0.16-3ubuntu0.18.04.2+tuxcare.els7_all.deb
sha:6420cfacdfd8dab6726cf1e3eac4ecd504508646
-
libtomcat9-java_9.0.16-3ubuntu0.18.04.2+tuxcare.els7_all.deb
sha:b6c88459a5b8a8feff383a989701cf7a306931f1
-
tomcat9_9.0.16-3ubuntu0.18.04.2+tuxcare.els7_all.deb
sha:0c3f9298f705cdc41a34ce1dd1e8a3499ef661e1
-
tomcat9-admin_9.0.16-3ubuntu0.18.04.2+tuxcare.els7_all.deb
sha:e4b40fa239ea02dc9442f6b6cef9fe77aa8baf3a
-
tomcat9-common_9.0.16-3ubuntu0.18.04.2+tuxcare.els7_all.deb
sha:c6e927aa5a4cd4ce63506d394084d96730a1ba77
-
tomcat9-docs_9.0.16-3ubuntu0.18.04.2+tuxcare.els7_all.deb
sha:ce1ececc9b161563c27d366dcc20f90e76c482d5
-
tomcat9-examples_9.0.16-3ubuntu0.18.04.2+tuxcare.els7_all.deb
sha:238317acd4afebc720584fabcc72900d1915d2dc
-
tomcat9-user_9.0.16-3ubuntu0.18.04.2+tuxcare.els7_all.deb
sha:9ff6ba082b9f31bc4fe5795efe19d48072f9df74
Notes:
This page is generated automatically and has not been checked for errors. For clarification or
corrections please contact the
CloudLinux Packaging Team.
