Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 510
Alerts This Week
Warning Icon 1 510

Ubuntu 19.04 & 18.04 LTS: USN-4128-2 Moderate: Tomcat XSS And DoS

ubuntu
Calendar Grey September 18, 2019
Dist Ubuntu Esm H88
Protection vulnerabilities fixed in Tomcat 9 for users on Ubuntu. Ensure you apply updates to safeguard against possible risks.
Several security issues were fixed in Tomcat 9.

Summary

Several security issues were fixed in Tomcat 9.

Software Description:

- tomcat9: Servlet and JSP engine

Details:

It was discovered that the Tomcat 9 SSI printenv command echoed user 

provided data without escaping it. An attacker could possibly use this 

issue to perform an XSS attack. (CVE-2019-0221)

It was discovered that Tomcat 9 did not address HTTP/2 connection window

exhaustion on write while addressing CVE-2019-0199. An attacker could 

possibly use this issue to cause a denial of service. (CVE-2019-10072)

Update Instructions

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 19.04:
  libtomcat9-java                 9.0.16-3ubuntu0.19.04.1
  tomcat9                         9.0.16-3ubuntu0.19.04.1

Ubuntu 18.04 LTS:
  libtomcat9-java                 9.0.16-3ubuntu0.18.04.1
  tomcat9                         9.0.16-3ubuntu0.18.04.1

In general, a standard system update will make all the necessary changes.

References

  https://ubuntu.com/security/notices/USN-4128-2

  https://ubuntu.com/security/notices/USN-4128-1

  CVE-2019-0221, CVE-2019-10072

=============Ubuntu Security Notice USN-4128-2

Package Information

  https://launchpad.net/ubuntu/+source/tomcat9/9.0.16-3ubuntu0.19.04.1
  https://launchpad.net/ubuntu/+source/tomcat9/9.0.16-3ubuntu0.18.04.1

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.