
Ubuntu 16.04 LTS: USN-4557-1 Critical: Tomcat Security Flaws

September 30, 2020
Urgent security patches released for Tomcat on Ubuntu 16.04 LTS mitigate numerous security flaws.

Summary

Several security issues were fixed in Tomcat.

Software Description:

- tomcat6: Servlet and JSP engine

Details:

It was discovered that the Tomcat realm implementations incorrectly handled passwords when a username didn't exist. A remote attacker could possibly use this issue to enumerate usernames. (CVE-2016-0762)

Alvaro Munoz and Alexander Mirosh discovered that Tomcat incorrectly limited use of a certain utility method. A malicious application could possibly use this to bypass Security Manager restrictions. (CVE-2016-5018)

It was discovered that Tomcat incorrectly controlled reading system properties. A malicious application could possibly use this to bypass Security Manager restrictions. (CVE-2016-6794)

It was discovered that Tomcat incorrectly controlled certain configuration parameters. A malicious application could possibly use this to bypass Security Manager restrictions. (CVE-2016-6796)

It was discovered that Tomcat incorrectly limited access to global JNDI resources....


Update Instructions

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 16.04 LTS:
  libservlet2.5-java              6.0.45+dfsg-1ubuntu0.1

In general, a standard system update will make all the necessary changes.

References

https://ubuntu.com/security/notices/USN-4557-1

CVE-2016-0762, CVE-2016-5018, CVE-2016-6794, CVE-2016-6796, CVE-2016-6797, CVE-2016-6816, CVE-2016-8735

Severity
critical
