Explore top 10 tips to secure your open-source projects now. Read More
×
Date: Wed, 23 Mar 2016 16:31:20 -0000 Reply-To: scientific-linux-users@ Sender: Security Errata for Scientific LinuxFrom: Pat Riehecky Subject: Security ERRATA Moderate: tomcat6 on SL6.x i386/x86_64 MIME-Version: 1.0 Message-ID: <20160323163120.31995.47716@slpackages.fnal.gov> Synopsis: Moderate: tomcat6 security and bug fix update Advisory ID: SLSA-2016:0492-1 Issue Date: 2016-03-23 CVE Numbers: CVE-2014-7810 -- It was found that the expression language resolver evaluated expressions within a privileged code section. A malicious web application could use this flaw to bypass security manager protections. (CVE-2014-7810) This update also fixes the following bug: * Previously, using a New I/O (NIO) connector in the Apache Tomcat 6 servlet resulted in a large memory leak. An upstream patch has been applied to fix this bug, and the memory leak no longer occurs. Tomcat must be restarted for this update to take effect. -- SL6 x86_64 tomcat6-6.0.24-94.el6_7.x86_64.rpm tomcat6-admin-webapps-6.0.24-94.el6_7.x86_64.rpm tomcat6-debuginfo-6.0.24-94.el6_7.x86_64.rpm tomcat6-docs-webapp-6.0.24-94.el6_7.x86_64.rpm tomcat6-el-2.1-api-6.0.24-94.el6_7.x86_64.rpm tomcat6-javadoc-6.0.24-94.el6_7.x86_64.rpm tomcat6-jsp-2.1-api-6.0.24-94.el6_7.x86_64.rpm tomcat6-lib-6.0.24-94.el6_7.x86_64.rpm tomcat6-servlet-2.5-api-6.0.24-94.el6_7.x86_64.rpm tomcat6-webapps-6.0.24-94.el6_7.x86_64.rpm i386 tomcat6-6.0.24-94.el6_7.i686.rpm tomcat6-admin-webapps-6.0.24-94.el6_7.i686.rpm tomcat6-debuginfo-6.0.24-94.el6_7.i686.rpm tomcat6-docs-webapp-6.0.24-94.el6_7.i686.rpm tomcat6-el-2.1-api-6.0.24-94.el6_7.i686.rpm tomcat6-javadoc-6.0.24-94.el6_7.i686.rpm tomcat6-jsp-2.1-api-6.0.24-94.el6_7.i686.rpm tomcat6-lib-6.0.24-94.el6_7.i686.rpm tomcat6-servlet-2.5-api-6.0.24-94.el6_7.i686.rpm tomcat6-webapps-6.0.24-94.el6_7.i686.rpm - Scientific Linux Development Team