tomcat6_6.0.45+dfsg-1~deb7u1_all.deb



Description

tomcat6 - Servlet and JSP engine

Property Value
Distribution Debian 7 (Wheezy)
Repository Debian Main i386
Package name tomcat6
Package version 6.0.45+dfsg
Package release 1~deb7u1
Package architecture all
Package type deb
Installed size 364 B
Download size 49.94 KB
Official Mirror ftp.br.debian.org

Apache Tomcat implements the Java Servlet and the JavaServer Pages (JSP)
specifications from Sun Microsystems, and provides a "pure Java" HTTP web
server environment for Java code to run.

This package contains only the startup scripts for the system-wide daemon.
No documentation or web applications are included here; please install
the tomcat6-docs and tomcat6-examples packages if you want them.

Install the authbind package if you need to use Tomcat on ports 1-1023.

Install tomcat6-user instead of this package if you don't want Tomcat to
start as a service.

Alternatives

Package Version Architecture Repository
tomcat6_6.0.45+dfsg-1~deb7u5_all.deb 6.0.45+dfsg all Debian Security Updates Main
tomcat6_6.0.45+dfsg-1~deb7u1_all.deb 6.0.45+dfsg all Debian Main
tomcat6 - - -

Requires

Name Value
adduser -
debconf >= 0.5
debconf-2.0 -
tomcat6-common >= 6.0.45+dfsg-1~deb7u1
ucf -

Download

Type URL
Binary Package tomcat6_6.0.45+dfsg-1~deb7u1_all.deb
Source Package tomcat6

Install Howto

  1. Update the package index:
    sudo apt-get update
  2. Install the tomcat6 deb package:
    sudo apt-get install tomcat6

Files

Path
/etc/cron.daily/tomcat6
/etc/init.d/tomcat6
/etc/tomcat6/catalina.properties
/etc/tomcat6/context.xml
/etc/tomcat6/logging.properties
/etc/tomcat6/server.xml
/etc/tomcat6/tomcat-users.xml
/etc/tomcat6/web.xml
/etc/tomcat6/policy.d/01system.policy
/etc/tomcat6/policy.d/02debian.policy
/etc/tomcat6/policy.d/03catalina.policy
/etc/tomcat6/policy.d/04webapps.policy
/etc/tomcat6/policy.d/50local.policy
/usr/share/doc/tomcat6/README.Debian.gz
/usr/share/doc/tomcat6/changelog.Debian.gz
/usr/share/doc/tomcat6/copyright
/usr/share/tomcat6/defaults.md5sum
/usr/share/tomcat6/defaults.template
/usr/share/tomcat6/logrotate.md5sum
/usr/share/tomcat6/logrotate.template
/usr/share/tomcat6-root/default_root/index.html
/usr/share/tomcat6-root/default_root/META-INF/context.xml
/var/lib/tomcat6/conf
/var/lib/tomcat6/logs
/var/lib/tomcat6/work

Changelog

2016-03-16 - Markus Koschany <apo@debian.org>
tomcat6 (6.0.45+dfsg-1~deb7u1) wheezy-security; urgency=high
* Team upload.
* The full list of changes between 6.0.35 (the version previously available
in Wheezy) and 6.0.45 can be seen in the upstream changelog, which is
available online at http://tomcat.apache.org/tomcat-6.0-doc/changelog.html
* This update fixes the following security issues:
- CVE-2014-0033: prevent remote attackers from conducting session
fixation attacks via crafted URLs.
- CVE-2014-0119: Fix not properly constraining class loader that accesses
the XML parser used with an XSLT stylesheet which allowed remote
attackers to read arbitrary files via crafted web applications.
- CVE-2014-0099: Fix integer overflow in
java/org/apache/tomcat/util/buf/Ascii.java.
- CVE-2014-0096: Properly restrict XSLT stylesheets that allowed remote
attackers to bypass security-manager restrictions.
- CVE-2014-0075: Fix integer overflow in the parseChunkHeader function in
java/org/apache/coyote/http11/filters/ChunkedInputFilter.java.
- CVE-2013-4590: prevent "Tomcat internals" information leaks.
- CVE-2013-4322: prevent remote attackers from doing denial of service
attacks.
- CVE-2013-4286: reject requests with multiple content-length headers or
with a content-length header when chunked encoding is being used.
- Avoid CVE-2013-1571 when generating Javadoc.
* CVE-2014-0227.patch:
- Add error flag to allow subsequent attempts at reading after an error to
fail fast.
* CVE-2014-0230: Add support for maxSwallowSize.
* CVE-2014-7810:
- Fix potential BeanELResolver issue when running under a security manager.
Some classes may not be accessible but may have accessible interfaces.
* CVE-2015-5174: Directory traversal vulnerability in RequestUtil.java.
* CVE-2015-5345: The Mapper component in Apache Tomcat before 6.0.45
processes redirects before considering security constraints and Filters.
* CVE-2016-0706: Apache Tomcat before 6.0.45 does not place
org.apache.catalina.manager.StatusManagerServlet on the
org/apache/catalina/core/RestrictedServlets.properties list which allows
remote authenticated users to bypass intended SecurityManager
restrictions.
* CVE-2016-0714: The session-persistence implementation in Apache Tomcat
before 6.0.45 mishandles session attributes, which allows remote
authenticated users to bypass intended SecurityManager restrictions.
* CVE-2016-0763: The setGlobalContext method in
org/apache/naming/factory/ResourceLinkFactory.java in Apache Tomcat does
not consider whether ResourceLinkFactory.setGlobalContext callers are
authorized, which allows remote authenticated users to bypass intended
SecurityManager restrictions and read or write to arbitrary application
data, or cause a denial of service (application disruption), via a web
application that sets a crafted global context.
* CVE-2015-5351: The Manager and Host Manager applications in
Apache Tomcat establish sessions and send CSRF tokens for arbitrary new
requests, which allows remote attackers to bypass a CSRF protection
mechanism by using a token.
* Drop the following patches. Applied upstream.
- 0011-CVE-2012-0022-regression-fix.patch
- 0012-CVE-2012-3544.patch
- 0014-CVE-2012-4534.patch
- 0015-CVE-2012-4431.patch
- 0016-CVE-2012-3546.patch
- 0017-CVE-2013-2067.patch
- cve-2012-2733.patch
- cve-2012-3439.patch
- CVE-2014-0227.patch
- CVE-2014-0230.patch
- CVE-2014-7810-1.patch
- CVE-2014-7810-2.patch
- 0011-Fix-for-NoSuchElementException-when-an-attribute-has.patch

2013-07-18 - Moritz Mühlenhoff <jmm@debian.org>
tomcat6 (6.0.35-6+deb7u1) stable-security; urgency=low
* CVE-2012-3544, CVE-2013-2067

See Also

Package Description
tomcat7-admin_7.0.28-4+deb7u4_all.deb Servlet and JSP engine -- admin web applications
tomcat7-common_7.0.28-4+deb7u4_all.deb Servlet and JSP engine -- common files
tomcat7-docs_7.0.28-4+deb7u4_all.deb Servlet and JSP engine -- documentation
tomcat7-examples_7.0.28-4+deb7u4_all.deb Servlet and JSP engine -- example web applications
tomcat7-user_7.0.28-4+deb7u4_all.deb Servlet and JSP engine -- tools to create user instances
tomcat7_7.0.28-4+deb7u4_all.deb Servlet and JSP engine
tomoe-doc_0.6.0-1.3_all.deb Handwriting recognition engine (documentation)
tomoyo-tools_2.5.0-20120414-2_i386.deb Lightweight and easy-use Mandatory Access Control for Linux
toonloop_2.2.0-1+b1_i386.deb live animation editor
topal_75-1_i386.deb Links Pine and GnuPG together
topgit_0.8-1.1_all.deb a Git patch queue manager
toppler_1.1.5-2_i386.deb clone of the "Nebulus" game on old 8 and 16 bit machines
tor-arm_1.4.5.0-1_all.deb terminal status monitor for tor
tor-geoipdb_0.2.4.27-1_all.deb GeoIP database for Tor
tor_0.2.4.27-1_i386.deb anonymizing overlay network for TCP