Several security issues were fixed in Tomcat.
Software Description:
- tomcat7: Servlet 3.0 and JSP 2.2 Java API classes
Details:
It was discovered that the Tomcat SSI printenv command echoed user
provided data without escaping it. An attacker could possibly use this
issue to perform an XSS attack. (CVE-2019-0221)
It was discovered that Tomcat incorrectly handled certain uncommon
PersistenceManager with FileStore configurations. A remote attacker could
possibly use this issue to execute arbitrary code.
(CVE-2020-9484, CVE-2021-25329)
The problem can be corrected by updating your system to the following package versions: Ubuntu 18.04 LTS libservlet3.0-java 7.0.78-1ubuntu0.1~esm1 Available with Ubuntu Pro Ubuntu 16.04 LTS libservlet3.0-java 7.0.68-1ubuntu0.4+esm2 Available with Ubuntu Pro libtomcat7-java 7.0.68-1ubuntu0.4+esm2 Available with Ubuntu Pro tomcat7 7.0.68-1ubuntu0.4+esm2 Available with Ubuntu Pro Ubuntu 14.04 LTS libservlet3.0-java 7.0.52-1ubuntu0.16+esm1 Available with Ubuntu Pro libtomcat7-java 7.0.52-1ubuntu0.16+esm1 Available with Ubuntu Pro tomcat7 7.0.52-1ubuntu0.16+esm1 Available with Ubuntu Pro In general, a standard system update will make all the necessary changes.
https://ubuntu.com/security/notices/USN-6908-1
CVE-2019-0221, CVE-2020-9484, CVE-2021-25329
Get the latest Linux and open source security news straight to your inbox.