ELSA-2013-0870

ELSA-2013-0870 - tomcat5 security update

Type:SECURITY
Severity:IMPORTANT
Release Date:2013-05-28

Description


[0:5.5.23-0jpp.40]
- Related: CVE-2013-1976 It was found during additional testing
- that the tomcat5 init may fail to start because the user
- shell is set to sbin/nologin. Fixed in init scrip. SU now
- uses -s /bin/sh during startup

[0:5.5.23-0jpp.39]
- Resolves: CVE-2013-1976 Improper TOMCAT_LOG management in
- initscript. Change location of TOMCAT_LOG to /var/log so
- only root can write to it. Touching TOMCAT_LOG is no longer
- required during initscript startup. Permissions and ownership
- changed to 0755 tomcat:root for logdir


Related CVEs


CVE-2013-1976

Updated Packages


Release/ArchitectureFilenameMD5sumSuperseded By Advisory
Oracle Linux 5 (i386) tomcat5-5.5.23-0jpp.40.el5_9.src.rpmd09b4523998686a0f4816ed65eea97fd-
tomcat5-5.5.23-0jpp.40.el5_9.i386.rpm380fdfcde37945def843b0c6eb648d0e-
tomcat5-admin-webapps-5.5.23-0jpp.40.el5_9.i386.rpm97df643e92b8fe345427d9d35341069a-
tomcat5-common-lib-5.5.23-0jpp.40.el5_9.i386.rpm67259c5d5a13f91a6803f418ad28244f-
tomcat5-jasper-5.5.23-0jpp.40.el5_9.i386.rpma9b1b1cb37c73b1b4f46f06d8618bc62-
tomcat5-jasper-javadoc-5.5.23-0jpp.40.el5_9.i386.rpme2fd305ac21ba727614b5266ca152d80-
tomcat5-jsp-2.0-api-5.5.23-0jpp.40.el5_9.i386.rpm23ecb52e82ada836843c1cd8aa0d44f2-
tomcat5-jsp-2.0-api-javadoc-5.5.23-0jpp.40.el5_9.i386.rpm6f1272984636c8705237c7b84ea94338-
tomcat5-server-lib-5.5.23-0jpp.40.el5_9.i386.rpm2032fafc97e69fec36d770d51e6260dc-
tomcat5-servlet-2.4-api-5.5.23-0jpp.40.el5_9.i386.rpm83452f3e1fadffb6913372e36dc7bfe2-
tomcat5-servlet-2.4-api-javadoc-5.5.23-0jpp.40.el5_9.i386.rpmaef84a633fe17e2b720cd9481940c55f-
tomcat5-webapps-5.5.23-0jpp.40.el5_9.i386.rpm9948cbacbdc0b6115d6f8506006a6b52-
Oracle Linux 5 (ia64) tomcat5-5.5.23-0jpp.40.el5_9.src.rpmd09b4523998686a0f4816ed65eea97fd-
tomcat5-5.5.23-0jpp.40.el5_9.ia64.rpm4ce2d55e6a048affd9d4819a1c4ae8f4-
tomcat5-admin-webapps-5.5.23-0jpp.40.el5_9.ia64.rpmac6f089a7aaeccdd5c3dd9be4cf88b05-
tomcat5-common-lib-5.5.23-0jpp.40.el5_9.ia64.rpmf836889f9a946978b42a3b5bb4121d6b-
tomcat5-jasper-5.5.23-0jpp.40.el5_9.ia64.rpm0ee0f4f7a69621af7845b105088fb44f-
tomcat5-jasper-javadoc-5.5.23-0jpp.40.el5_9.ia64.rpm053c936a1c71141384aa05f097385ee4-
tomcat5-jsp-2.0-api-5.5.23-0jpp.40.el5_9.ia64.rpmb9b623a29b482b2bab2288ef75255b56-
tomcat5-jsp-2.0-api-javadoc-5.5.23-0jpp.40.el5_9.ia64.rpm6c84ed84a2ca910fee01d1041e3db978-
tomcat5-server-lib-5.5.23-0jpp.40.el5_9.ia64.rpm0aa88791fea5346e5dc69c2bf43c1024-
tomcat5-servlet-2.4-api-5.5.23-0jpp.40.el5_9.ia64.rpmde23b45d00b3febc28de8236cfe39da6-
tomcat5-servlet-2.4-api-javadoc-5.5.23-0jpp.40.el5_9.ia64.rpm90e13007b9af71983778e591e7131c0c-
tomcat5-webapps-5.5.23-0jpp.40.el5_9.ia64.rpmc49743fcdc77a33cdd8ce39a41231f23-
Oracle Linux 5 (x86_64) tomcat5-5.5.23-0jpp.40.el5_9.src.rpmd09b4523998686a0f4816ed65eea97fd-
tomcat5-5.5.23-0jpp.40.el5_9.x86_64.rpm60aa3dc44d10e5522783d125bbaa7e71-
tomcat5-admin-webapps-5.5.23-0jpp.40.el5_9.x86_64.rpm82b0a36a5de9ed376d2d48a904f07674-
tomcat5-common-lib-5.5.23-0jpp.40.el5_9.x86_64.rpm3cb9a50ae4c5d63218b4fe4667b73879-
tomcat5-jasper-5.5.23-0jpp.40.el5_9.x86_64.rpmf7a2478304b5d3c4b8e5a1ef83f00e9a-
tomcat5-jasper-javadoc-5.5.23-0jpp.40.el5_9.x86_64.rpmfc9737f026b89580beed5a644663a1be-
tomcat5-jsp-2.0-api-5.5.23-0jpp.40.el5_9.x86_64.rpmb25f00125b223d3ccd563e260bd0967a-
tomcat5-jsp-2.0-api-javadoc-5.5.23-0jpp.40.el5_9.x86_64.rpm499fcc14c50fcc25810114b37622fc57-
tomcat5-server-lib-5.5.23-0jpp.40.el5_9.x86_64.rpm912be7b11c11374879f24d6ba432a7ae-
tomcat5-servlet-2.4-api-5.5.23-0jpp.40.el5_9.x86_64.rpm7a67dd0ea6a3ef5e4f69eea91e7bf57b-
tomcat5-servlet-2.4-api-javadoc-5.5.23-0jpp.40.el5_9.x86_64.rpma7fe019bbc14476fa65caf342617698a-
tomcat5-webapps-5.5.23-0jpp.40.el5_9.x86_64.rpm83db06948a60c0a36a14457b1a564b12-



This page is generated automatically and has not been checked for errors or omissions. For clarification or corrections please contact the Oracle Linux ULN team

software.hardware.complete