Date: Tue, 1 Jul 2014 10:02:40 -0500
Reply-To: Bonnie King
Sender: Security Errata for Scientific Linux
From: Bonnie King
Subject: FASTBUGS for SL 6x i386, x86_64 now available
Comments: To: scientific-linux-errata@fnal.gov
In-Reply-To: <53A99B32.2040706@fnal.gov>
MIME-Version: 1.0

The following FASTBUGS have been uploaded to

i386:
coreutils-8.4-31.el6_5.2.i686.rpm
coreutils-libs-8.4-31.el6_5.2.i686.rpm
gdb-7.2-60.el6_4.4.i686.rpm
gdb-gdbserver-7.2-60.el6_4.4.i686.rpm
gnupg2-2.0.14-8.el6.i686.rpm
gnupg2-smime-2.0.14-8.el6.i686.rpm
rsh-0.17-64.el6.i686.rpm
rsh-server-0.17-64.el6.i686.rpm

x86_64:
coreutils-8.4-31.el6_5.2.x86_64.rpm
coreutils-libs-8.4-31.el6_5.2.x86_64.rpm
gdb-7.2-60.el6_4.4.x86_64.rpm
gdb-gdbserver-7.2-60.el6_4.4.x86_64.rpm
gnupg2-2.0.14-8.el6.x86_64.rpm
gnupg2-smime-2.0.14-8.el6.x86_64.rpm
rsh-0.17-64.el6.x86_64.rpm
rsh-server-0.17-64.el6.x86_64.rpm


Date: Tue, 8 Jul 2014 10:07:43 -0500
Reply-To: Bonnie King
Sender: Security Errata for Scientific Linux
From: Bonnie King
Subject: FASTBUGS for SL 6x i386, x86_64 now available
Comments: To: scientific-linux-errata@fnal.gov
In-Reply-To: <53B2CD90.4050907@fnal.gov>
MIME-Version: 1.0

The following FASTBUGS have been uploaded to

i386:
debugmode-9.03.40-2.el6_5.2.i686.rpm
initscripts-9.03.40-2.el6_5.2.i686.rpm
libvisual-0.4.0-10.el6.i686.rpm
libvisual-devel-0.4.0-10.el6.i686.rpm
nfs-utils-1.2.3-39.el6_5.3.i686.rpm
system-config-firewall-1.2.27-7.1.el6.noarch.rpm
system-config-firewall-base-1.2.27-7.1.el6.noarch.rpm
system-config-firewall-tui-1.2.27-7.1.el6.noarch.rpm

x86_64:
debugmode-9.03.40-2.el6_5.2.x86_64.rpm
initscripts-9.03.40-2.el6_5.2.x86_64.rpm
libvisual-0.4.0-10.el6.i686.rpm
libvisual-0.4.0-10.el6.x86_64.rpm
libvisual-devel-0.4.0-10.el6.i686.rpm
libvisual-devel-0.4.0-10.el6.x86_64.rpm
nfs-utils-1.2.3-39.el6_5.3.x86_64.rpm
system-config-firewall-1.2.27-7.1.el6.noarch.rpm
system-config-firewall-base-1.2.27-7.1.el6.noarch.rpm
system-config-firewall-tui-1.2.27-7.1.el6.noarch.rpm


Date: Wed, 9 Jul 2014 10:48:30 -0500
Reply-To: Pat Riehecky
Sender: Security Errata for Scientific Linux
From: Pat Riehecky
Subject: Now Available: Software Collections 1.1 for SL6 x86_64
MIME-Version: 1.0

The updated Software Collection Library 1.1 packages from upstream have been posted to SL6 x86_64's dedicated repo.

This repo features updated software products with a shorter lifecycle than the base distribution. It includes:

- Ruby 1.9.3 with Rails 3.2.8
- Ruby 2.0.0 with Rails 4.0
- Python 2.7 and 3.3
- PHP 5.4 and 5.5
- Perl 5.16.3
- Apache 2.4
- MySQL and MariaDB 5.5
- PostgreSQL 9.2
- MongoDB 2.4

With the following as Technology Preview:

- Node.js 0.10
- Nginx 1.4.4
- Thermostat 1.0

The following supporting tools are provided:

- V8 JavaScript engine 3.14

Please be sure to review the published documentation and upstream release notes.

https://access.redhat.com/documentation/en-US/Red_Hat_Software_Collections/1/html/1.1_Release_Notes/

-- 
Pat Riehecky
Scientific Linux developer


Date: Wed, 9 Jul 2014 18:16:17 +0000
Reply-To: scientific-linux-users@listserv.fnal.gov
Sender: Security Errata for Scientific Linux
From: Pat Riehecky
Subject: Security ERRATA Moderate: tomcat6 on SL6.x i386/srpm/x86_64
MIME-Version: 1.0

Synopsis:      Moderate: tomcat6 security and bug fix update
Advisory ID:   SLSA-2014:0865-1
Issue Date:    2014-07-09
CVE Numbers:   CVE-2014-0075
               CVE-2014-0096
               CVE-2014-0099
--

It was discovered that Apache Tomcat did not limit the length of chunk sizes when using chunked transfer encoding. A remote attacker could use this flaw to perform a denial of service attack against Tomcat by streaming an unlimited quantity of data, leading to excessive consumption of server resources. (CVE-2014-0075)

It was found that Apache Tomcat did not check for overflowing values when parsing request content length headers. A remote attacker could use this flaw to perform an HTTP request smuggling attack on a Tomcat server located behind a reverse proxy that processed the content length header correctly. (CVE-2014-0099)

It was found that the org.apache.catalina.servlets.DefaultServlet implementation in Apache Tomcat allowed the definition of XML External Entities (XXEs) in provided XSLTs. A malicious application could use this to circumvent intended security restrictions to disclose sensitive information. (CVE-2014-0096)

This update also fixes the following bugs:

* The patch that resolved the CVE-2014-0050 issue contained redundant code. This update removes the redundant code.

* The patch that resolved the CVE-2013-4322 issue contained an invalid check that triggered a java.io.EOFException while reading trailer headers for chunked requests. This update fixes the check and the aforementioned exception is no longer triggered in the described scenario.

Tomcat must be restarted for this update to take effect.
--

SL6
  x86_64
    tomcat6-javadoc-6.0.24-72.el6_5.noarch.rpm
    tomcat6-6.0.24-72.el6_5.noarch.rpm
    tomcat6-webapps-6.0.24-72.el6_5.noarch.rpm
    tomcat6-servlet-2.5-api-6.0.24-72.el6_5.noarch.rpm
    tomcat6-jsp-2.1-api-6.0.24-72.el6_5.noarch.rpm
    tomcat6-docs-webapp-6.0.24-72.el6_5.noarch.rpm
    tomcat6-el-2.1-api-6.0.24-72.el6_5.noarch.rpm
    tomcat6-lib-6.0.24-72.el6_5.noarch.rpm
    tomcat6-admin-webapps-6.0.24-72.el6_5.noarch.rpm
  i386
    tomcat6-javadoc-6.0.24-72.el6_5.noarch.rpm
    tomcat6-6.0.24-72.el6_5.noarch.rpm
    tomcat6-webapps-6.0.24-72.el6_5.noarch.rpm
    tomcat6-servlet-2.5-api-6.0.24-72.el6_5.noarch.rpm
    tomcat6-jsp-2.1-api-6.0.24-72.el6_5.noarch.rpm
    tomcat6-docs-webapp-6.0.24-72.el6_5.noarch.rpm
    tomcat6-el-2.1-api-6.0.24-72.el6_5.noarch.rpm
    tomcat6-lib-6.0.24-72.el6_5.noarch.rpm
    tomcat6-admin-webapps-6.0.24-72.el6_5.noarch.rpm
  srpm
    tomcat6-6.0.24-72.el6_5.src.rpm
  noarch
    tomcat6-6.0.24-72.el6_5.noarch.rpm
    tomcat6-admin-webapps-6.0.24-72.el6_5.noarch.rpm
    tomcat6-docs-webapp-6.0.24-72.el6_5.noarch.rpm
    tomcat6-el-2.1-api-6.0.24-72.el6_5.noarch.rpm
    tomcat6-javadoc-6.0.24-72.el6_5.noarch.rpm
    tomcat6-jsp-2.1-api-6.0.24-72.el6_5.noarch.rpm
    tomcat6-lib-6.0.24-72.el6_5.noarch.rpm
    tomcat6-servlet-2.5-api-6.0.24-72.el6_5.noarch.rpm
    tomcat6-webapps-6.0.24-72.el6_5.noarch.rpm

- Scientific Linux Development Team
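Strict parsing of the two request fields the tomcat6 advisory above describes (content length values that overflow, and unbounded chunk-size fields), as an added example that is not Tomcat's code nor the Scientific Linux team's: the 64-bit limit, the 8-hex-digit chunk-size cap, and the `wrapped_content_length` model of an unchecked parse are assumptions chosen for this example.

```python
import string

# Limits are assumptions chosen for this example, not values taken from Tomcat.
MAX_CONTENT_LENGTH = 2**63 - 1    # largest value a signed 64-bit long can hold
MAX_CHUNK_SIZE_DIGITS = 8         # 8 hex digits caps a single chunk below 4 GiB


class HeaderError(ValueError):
    """A header field the server should refuse outright rather than guess at."""


def parse_content_length(value: str) -> int:
    """Return the declared body length or raise HeaderError.
    Only ASCII decimal digits are accepted, and the result must fit the 64-bit
    range; a value that would wrap is refused rather than silently truncated,
    so a reverse proxy and this server cannot read two different lengths
    (the disagreement behind the CVE-2014-0099 smuggling issue)."""
    v = value.strip()
    if not v or any(c not in string.digits for c in v):
        raise HeaderError(f"malformed Content-Length: {value!r}")
    n = int(v)
    if n > MAX_CONTENT_LENGTH:
        raise HeaderError(f"Content-Length overflows 64-bit range: {value!r}")
    return n


def wrapped_content_length(value: str) -> int:
    """Model (not Tomcat's code) of an unchecked parse into a 64-bit register:
    the value wraps modulo 2**64, so it disagrees with a strict parser."""
    return int(value.strip()) & 0xFFFFFFFFFFFFFFFF


def parse_chunk_size(line: bytes) -> int:
    """Parse one chunk-size line of a chunked body, e.g. b"1F;ext=1\\r\\n".
    The hex field before any ';' extension is bounded in length, so a client
    cannot stream an endless chunk-size field (CVE-2014-0075's resource
    exhaustion) and the server never accumulates an unbounded number."""
    field = line.split(b";", 1)[0].strip().decode("ascii", "replace")
    if not field or len(field) > MAX_CHUNK_SIZE_DIGITS:
        raise HeaderError(f"chunk-size field missing or too long: {line!r}")
    # int(x, 16) also accepts '0x', '+', '-' and '_'; require bare hex digits.
    if any(c not in string.hexdigits for c in field):
        raise HeaderError(f"chunk-size is not plain hexadecimal: {line!r}")
    return int(field, 16)


def rejects(parser, value) -> bool:
    """True if parser refuses value with HeaderError."""
    try:
        parser(value)
    except HeaderError:
        return True
    return False
```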