Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 496
Alerts This Week
Warning Icon 1 496

Debian 8: DLA-1609-1 Critical: Libapache-Mod-Jk Information Disclosure

debian lts
Calendar Grey December 17, 2018
Dist Debian Esm H88
Important libapache-mod-jk patch resolves security vulnerabilities related to data leakage and privilege escalation in Debian 8.
A vulnerability has been discovered in libapache-mod-jk, the Apache 2 connector for the Tomcat Java servlet engine

Summary

The libapache-mod-jk connector is susceptible to information disclosure
and privilege escalation because of a mishandling of URL normalization.

The nature of the fix required that libapache-mod-jk in Debian 8
"Jessie" be updated to the latest upstream release. For reference, the
upstream changes associated with each release version are documented
here:

https://tomcat.apache.org/connectors-doc/miscellaneous/changelog.html

For Debian 8 "Jessie", this problem has been fixed in version
1.2.46-0+deb8u1.

We recommend that you upgrade your libapache-mod-jk packages.

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS


Severity
critical
Lowest
Low
Medium
High
Critical

<pre><font face="Courier">Package: libapache-mod-jk
Version: 1.2.46-0+deb8u1
CVE ID: CVE-2018-11759

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.