---------------------------------------------------------------------
Fedora Update Notification
FEDORA-2007-514
2007-05-21
---------------------------------------------------------------------
Product     : Fedora Core 6
Name        : jakarta-commons-modeler
Version     : 1.1
Release     : 8jpp.2.fc6
Summary     : Jakarta Commons Modeler Package
Description :
The Modeler project shall create and maintain a set of Java
classes to provide the facilities described in the preceding section, plus
unit tests and small examples of using these facilities to instrument
Java classes with Model MBean support.

---------------------------------------------------------------------
Update Information:

Several security issues affecting Tomcat releases prior to
5.5.23 were reported as fixed
(https://tomcat.apache.org/security-5.html).

Tomcat was found to accept multiple content-length headers
in a request. This could allow attackers to poison a
web-cache, bypass web application firewall protection, or
conduct cross-site scripting attacks. (CVE-2005-2090)
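
The risk in CVE-2005-2090 comes from a proxy, cache or WAF picking one Content-Length value while the server behind it picks another. The following check is an added example, not part of this advisory or of Tomcat's code: it shows a strict front-end policy that refuses any request whose body length is ambiguous. The function names and the sample requests are constructed for illustration.

```python
# Added example: reject requests whose Content-Length framing is ambiguous.
# SINGLE and DOUBLE are constructed sample requests, not captured traffic.

SINGLE = (b"POST /app HTTP/1.1\r\nHost: example.test\r\n"
          b"Content-Length: 5\r\n\r\nhello")
DOUBLE = (b"POST /app HTTP/1.1\r\nHost: example.test\r\n"
          b"Content-Length: 5\r\nContent-Length: 9\r\n\r\n")


def content_length_values(raw_head: bytes) -> list:
    """Return every Content-Length value in a request head, in order.

    A comma-separated list inside one field is split as well, because
    "Content-Length: 5, 9" is equivalent to two separate header fields.
    """
    head = raw_head.split(b"\r\n\r\n", 1)[0]
    values = []
    for line in head.split(b"\r\n")[1:]:          # skip the request line
        name, sep, value = line.partition(b":")
        if sep and name.strip().lower() == b"content-length":
            values += [v.strip().decode("latin-1") for v in value.split(b",")]
    return values


def check_framing(raw_head: bytes) -> tuple:
    """Return (accept, reason) for a request head.

    Strict policy (an assumption of this example): accept only zero or
    exactly one well-formed Content-Length value; refuse everything else.
    """
    values = content_length_values(raw_head)
    if not values:
        return True, "no Content-Length"
    if any(not (v.isascii() and v.isdigit()) for v in values):
        return False, "malformed Content-Length"
    if len(values) > 1:
        kind = "conflicting" if len(set(values)) > 1 else "repeated"
        return False, f"{kind} Content-Length ({len(values)} values)"
    return True, f"single Content-Length {values[0]}"


if __name__ == "__main__":
    for label, req in (("single", SINGLE), ("double", DOUBLE)):
        print(label, check_framing(req))
```

Repeated headers with identical values are refused too, so that every hop in the chain sees exactly one length.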

Tomcat permitted various characters as path delimiters. If
Tomcat was used behind certain proxies and configured to
only proxy some contexts, an attacker could construct an
HTTP request to work around the context restriction and
potentially access non-proxied content. (CVE-2007-0450)

The implicit-objects.jsp file distributed in the examples
webapp displayed a number of unfiltered header values. If
the JSP examples were accessible, this flaw could allow a
remote attacker to perform cross-site scripting
attacks. (CVE-2006-7195)

Users should upgrade to these erratum packages which contain
an update to Tomcat that resolves these issues. Updated
jakarta-commons-modeler packages are also included which
correct a bug when used with Tomcat 5.5.23.


---------------------------------------------------------------------
* Sun Apr 29 2007 Vivek Lakshmanan  - 0:1.1-8jpp.2
- Add patch to fix jira task: MODELER-15 to allow tomcat5 5.5.23
  to build against j-c-modeler
- Resolves: bug 237704

---------------------------------------------------------------------
This update can be downloaded from:
    

This update can be installed with the 'yum' update program.  Use 'yum update
package-name' at the command line.  For more information, refer to 'Managing
Software with yum,' available at .
---------------------------------------------------------------------
_______________________________________________
Fedora-package-announce mailing list
Fedora-package-announce@redhat.com
http://www.redhat.com/mailman/listinfo/fedora-package-announce



