Stay Connected:

ELSA-2013-0640

ELSA-2013-0640 - tomcat5 security update

Type:SECURITY
Severity:IMPORTANT
Release Date:2013-03-12

Description


[0:5.5.23-0jpp.38]
- Resolves: CVE-2012-3439 rhbz#882008 three DIGEST authentication
- implementation
- Resolves: CVE-2012-3546, rhbz#913034 Bypass of security constraints.
- Remove unneeded handling of FORM authentication in RealmBase


Related CVEs


CVE-2012-3546
CVE-2012-5885
CVE-2012-5886
CVE-2012-5887

Updated Packages


Release/ArchitectureFilenameMD5sumSuperseded By Advisory
Oracle Linux 5 (i386) tomcat5-5.5.23-0jpp.38.el5_9.src.rpmf26a569bf4f86bb6d6605d29f731ea22ELSA-2013-0870
tomcat5-5.5.23-0jpp.38.el5_9.i386.rpmdd49926c26d467d7c0cc649e56c3dfa3ELSA-2013-0870
tomcat5-admin-webapps-5.5.23-0jpp.38.el5_9.i386.rpm9fa97b37b8adb96fc54cdcd0aeaa239bELSA-2013-0870
tomcat5-common-lib-5.5.23-0jpp.38.el5_9.i386.rpm323a27cbe282867254f2996ed353978cELSA-2013-0870
tomcat5-jasper-5.5.23-0jpp.38.el5_9.i386.rpm7e441bc780b44e3b1d1f08ed0cdacdb3ELSA-2013-0870
tomcat5-jasper-javadoc-5.5.23-0jpp.38.el5_9.i386.rpm0d898bf5193bc2fbd62dfff9936bd365ELSA-2013-0870
tomcat5-jsp-2.0-api-5.5.23-0jpp.38.el5_9.i386.rpmca8baa66437f4035f6c096ccc7a7f5ecELSA-2013-0870
tomcat5-jsp-2.0-api-javadoc-5.5.23-0jpp.38.el5_9.i386.rpmb097a615c542309cb41c9fac7474c179ELSA-2013-0870
tomcat5-server-lib-5.5.23-0jpp.38.el5_9.i386.rpm271be0c41512a91cdc162ce556398192ELSA-2013-0870
tomcat5-servlet-2.4-api-5.5.23-0jpp.38.el5_9.i386.rpmb6024d510e3ec47ac14eecae22d2c51bELSA-2013-0870
tomcat5-servlet-2.4-api-javadoc-5.5.23-0jpp.38.el5_9.i386.rpm6ebb51dbf0766fe7b2ba41d36aa4bc66ELSA-2013-0870
tomcat5-webapps-5.5.23-0jpp.38.el5_9.i386.rpm92b8406a73a85d00c996823a4b6d4d91ELSA-2013-0870
Oracle Linux 5 (ia64) tomcat5-5.5.23-0jpp.38.el5_9.src.rpmf26a569bf4f86bb6d6605d29f731ea22ELSA-2013-0870
tomcat5-5.5.23-0jpp.38.el5_9.ia64.rpm46406af15ec6f95e06e37766e907b8d4ELSA-2013-0870
tomcat5-admin-webapps-5.5.23-0jpp.38.el5_9.ia64.rpm065b086e1121ac1bd3f3670620521ecaELSA-2013-0870
tomcat5-common-lib-5.5.23-0jpp.38.el5_9.ia64.rpma7256f9d7ef5e2597a0fe5fda3781ea1ELSA-2013-0870
tomcat5-jasper-5.5.23-0jpp.38.el5_9.ia64.rpmb3812174d48e708574227034b48a0227ELSA-2013-0870
tomcat5-jasper-javadoc-5.5.23-0jpp.38.el5_9.ia64.rpm6c7e9e396dbc689a8718f8eee8f6a0acELSA-2013-0870
tomcat5-jsp-2.0-api-5.5.23-0jpp.38.el5_9.ia64.rpmd2c27e93b4b0256fd3244e1e52e72d0cELSA-2013-0870
tomcat5-jsp-2.0-api-javadoc-5.5.23-0jpp.38.el5_9.ia64.rpm2ab213cfc10c727cd68fea3a09797734ELSA-2013-0870
tomcat5-server-lib-5.5.23-0jpp.38.el5_9.ia64.rpm9edf3b7836cb2e8b6720fa63988b236fELSA-2013-0870
tomcat5-servlet-2.4-api-5.5.23-0jpp.38.el5_9.ia64.rpm87bab2df70cd4dfbd3bb89048abd5c03ELSA-2013-0870
tomcat5-servlet-2.4-api-javadoc-5.5.23-0jpp.38.el5_9.ia64.rpm0166a0a57425d0dc2911bf740d983981ELSA-2013-0870
tomcat5-webapps-5.5.23-0jpp.38.el5_9.ia64.rpm9ad9afbfa4832205ddb15fed596ab513ELSA-2013-0870
Oracle Linux 5 (x86_64) tomcat5-5.5.23-0jpp.38.el5_9.src.rpmf26a569bf4f86bb6d6605d29f731ea22ELSA-2013-0870
tomcat5-5.5.23-0jpp.38.el5_9.x86_64.rpm91e855a2117b7ccb15cfaae8e229c89aELSA-2013-0870
tomcat5-admin-webapps-5.5.23-0jpp.38.el5_9.x86_64.rpm740ac0f653aa52382493d02b36ed0af0ELSA-2013-0870
tomcat5-common-lib-5.5.23-0jpp.38.el5_9.x86_64.rpm75a10838431087d0bd86b4eaa48493d9ELSA-2013-0870
tomcat5-jasper-5.5.23-0jpp.38.el5_9.x86_64.rpm2a51b673ebabb29f9f37463e91072eb4ELSA-2013-0870
tomcat5-jasper-javadoc-5.5.23-0jpp.38.el5_9.x86_64.rpmb8d311aa3ddf6a565888fe7f71326ab2ELSA-2013-0870
tomcat5-jsp-2.0-api-5.5.23-0jpp.38.el5_9.x86_64.rpmf163c55a83aff54523bf9af42515f264ELSA-2013-0870
tomcat5-jsp-2.0-api-javadoc-5.5.23-0jpp.38.el5_9.x86_64.rpm9f9de03ecdc2e3263cc9a698d96e87eeELSA-2013-0870
tomcat5-server-lib-5.5.23-0jpp.38.el5_9.x86_64.rpm1257009050cee71a7e4c0512c163d354ELSA-2013-0870
tomcat5-servlet-2.4-api-5.5.23-0jpp.38.el5_9.x86_64.rpmd047206c23e416540922b08668b04d7dELSA-2013-0870
tomcat5-servlet-2.4-api-javadoc-5.5.23-0jpp.38.el5_9.x86_64.rpm3070e7ba2f2deb7f74de4a5c7777a29dELSA-2013-0870
tomcat5-webapps-5.5.23-0jpp.38.el5_9.x86_64.rpm7c41199fc68c2c8d3de8d9b22697df6bELSA-2013-0870



This page is generated automatically and has not been checked for errors or omissions. For clarification or corrections please contact the Oracle Linux ULN team

software.hardware.complete
Subscribe | Careers | Contact Us | Legal Notices | Terms of Use | Your Privacy Rights