
Scientific Linux: Important Tomcat6 Update CVE-2010-4476 Denial Of Service

Important: tomcat6 security and bug fix update
Date: Thu, 10 Mar 2011 13:20:57 -0600
Reply-To: Troy Dawson 
Sender: Security Errata for Scientific Linux
 
From: Troy Dawson 
Subject: Security ERRATA Important: tomcat6 on SL6.x i386/x86_64

Synopsis:	Important: tomcat6 security and bug fix update
Issue date:	2011-03-09
CVE Names:	CVE-2010-4476 CVE-2011-0534

A denial of service flaw was found in the way certain strings were
converted to Double objects. A remote attacker could use this flaw to
cause Tomcat to hang via a specially-crafted HTTP request. (CVE-2010-4476)

A flaw was found in the Tomcat NIO (Non-Blocking I/O) connector. A
remote attacker could use this flaw to cause a denial of service
(out-of-memory condition) via a specially-crafted request containing a
large NIO buffer size request value. (CVE-2011-0534)

This update also fixes the following bug:

* A bug in the "tomcat6" init script prevented additional Tomcat
instances from starting. As well, running "service tomcat6 start" caused
configuration options applied from "/etc/sysconfig/tomcat6" to be
overwritten with those from "/etc/tomcat6/tomcat6.conf". With this
update, multiple instances of Tomcat run as expected. (BZ#676922)

Tomcat must be restarted for this update to take effect: a running JVM keeps
the old classes loaded until it is stopped, so run "service tomcat6 restart"
(and restart any additional Tomcat instances) after installing the packages.

SL 6.x

 SRPMS:
tomcat6-6.0.24-24.el6_0.src.rpm
 i386:
tomcat6-6.0.24-24.el6_0.noarch.rpm
tomcat6-admin-webapps-6.0.24-24.el6_0.noarch.rpm
tomcat6-docs-webapp-6.0.24-24.el6_0.noarch.rpm
tomcat6-el-2.1-api-6.0.24-24.el6_0.noarch.rpm
tomcat6-javadoc-6.0.24-24.el6_0.noarch.rpm
tomcat6-jsp-2.1-api-6.0.24-24.el6_0.noarch.rpm
tomcat6-lib-6.0.24-24.el6_0.noarch.rpm
tomcat6-log4j-6.0.24-24.el6_0.noarch.rpm
tomcat6-servlet-2.5-api-6.0.24-24.el6_0.noarch.rpm
tomcat6-webapps-6.0.24-24.el6_0.noarch.rpm
 x86_64:
tomcat6-6.0.24-24.el6_0.noarch.rpm
tomcat6-admin-webapps-6.0.24-24.el6_0.noarch.rpm
tomcat6-docs-webapp-6.0.24-24.el6_0.noarch.rpm
tomcat6-el-2.1-api-6.0.24-24.el6_0.noarch.rpm
tomcat6-javadoc-6.0.24-24.el6_0.noarch.rpm
tomcat6-jsp-2.1-api-6.0.24-24.el6_0.noarch.rpm
tomcat6-lib-6.0.24-24.el6_0.noarch.rpm
tomcat6-log4j-6.0.24-24.el6_0.noarch.rpm
tomcat6-servlet-2.5-api-6.0.24-24.el6_0.noarch.rpm
tomcat6-webapps-6.0.24-24.el6_0.noarch.rpm
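As an added practitioner check (not part of the Scientific Linux erratum or of the Tomcat project), the Python script below parses "rpm -q" output for the packages listed above and reports whether each installed package is at or above the fixed build 6.0.24-24.el6_0, using a simplified reimplementation of rpm's version-segment comparison (no epoch or tilde handling). It requests the %{NAME}-%{VERSION}-%{RELEASE}.%{ARCH} query format explicitly so the parser's assumptions hold; the older release 6.0.24-23.el6 in the embedded sample is constructed for illustration and says nothing about what actually shipped before this erratum. needs_restart encodes the restart requirement above and assumes you supply the package install time (rpm -q --qf '%{INSTALLTIME}' tomcat6) and the Tomcat process start time as epoch seconds.

```python
import re
import subprocess
import sys

# Fixed version-release of every package in this erratum (all noarch).
FIXED_VR = "6.0.24-24.el6_0"
ERRATUM_PACKAGES = [
    "tomcat6", "tomcat6-admin-webapps", "tomcat6-docs-webapp",
    "tomcat6-el-2.1-api", "tomcat6-javadoc", "tomcat6-jsp-2.1-api",
    "tomcat6-lib", "tomcat6-log4j", "tomcat6-servlet-2.5-api",
    "tomcat6-webapps",
]
QUERY_FMT = "%{NAME}-%{VERSION}-%{RELEASE}.%{ARCH}\n"

_SEG = re.compile(r"[0-9]+|[A-Za-z]+")


def rpmvercmp(a, b):
    """Simplified rpm version comparison: -1, 0 or 1 like rpmvercmp().
    Separators are ignored; segments are compared pairwise, numeric ones
    numerically, alphabetic ones lexically; a numeric segment ranks above
    an alphabetic one; a longer sequence of segments ranks higher."""
    sa, sb = _SEG.findall(a), _SEG.findall(b)
    for x, y in zip(sa, sb):
        xd, yd = x.isdigit(), y.isdigit()
        if xd and yd:
            if int(x) != int(y):
                return -1 if int(x) < int(y) else 1
        elif xd != yd:
            return 1 if xd else -1
        elif x != y:
            return -1 if x < y else 1
    if len(sa) != len(sb):
        return -1 if len(sa) < len(sb) else 1
    return 0


def split_nvra(nvra):
    """'tomcat6-lib-6.0.24-24.el6_0.noarch' -> (name, version, release, arch).
    Name may contain '-', so split from the right."""
    nvr, arch = nvra.rsplit(".", 1)
    name, version, release = nvr.rsplit("-", 2)
    return name, version, release, arch


def is_fixed(nvra, fixed_vr=FIXED_VR):
    """True if the installed build is at or above the erratum's build."""
    _, version, release, _ = split_nvra(nvra)
    fver, frel = fixed_vr.split("-", 1)
    c = rpmvercmp(version, fver)
    if c == 0:
        c = rpmvercmp(release, frel)
    return c >= 0


def audit(rpm_q_output):
    """Map each installed erratum package to True (fixed) / False (old)."""
    status = {}
    for line in rpm_q_output.splitlines():
        line = line.strip()
        # rpm prints 'package X is not installed' for missing names.
        if not line or line.startswith("package "):
            continue
        name = split_nvra(line)[0]
        if name in ERRATUM_PACKAGES:
            status[name] = is_fixed(line)
    return status


def needs_restart(pkg_install_time, proc_start_time):
    """A Tomcat JVM started before the package landed still runs old code."""
    return proc_start_time < pkg_install_time


# Constructed sample of `rpm -q --qf` output (not from a real host); the
# 23.el6 release is made up to show a pre-erratum package being flagged.
SAMPLE = """\
tomcat6-6.0.24-23.el6.noarch
tomcat6-lib-6.0.24-24.el6_0.noarch
tomcat6-webapps-6.0.24-24.el6_0.noarch
package tomcat6-admin-webapps is not installed
"""

if __name__ == "__main__":
    try:
        out = subprocess.run(
            ["rpm", "-q", "--qf", QUERY_FMT] + ERRATUM_PACKAGES,
            capture_output=True, text=True).stdout
    except FileNotFoundError:          # no rpm here: fall back to the sample
        out = SAMPLE
    status = audit(out)
    if not status:
        print("none of the erratum packages is installed")
    for name, ok in sorted(status.items()):
        print(f"{name:28s} {'fixed' if ok else 'VULNERABLE'}")
    sys.exit(0 if all(status.values()) else 1)
```

Run it on an SL6 host after "yum update tomcat6"; a non-zero exit means at least one listed package is still below 6.0.24-24.el6_0. It only inspects the RPM database, so pair it with needs_restart (or simply restart Tomcat) to confirm the running JVM is actually using the new jars.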

-Connie Sieh
-Troy Dawson