ubuntu/+source/tomcat6:applied/ubuntu/trusty-updates

Last commit made on 2018-10-17
Get this branch:
git clone -b applied/ubuntu/trusty-updates https://git.launchpad.net/ubuntu/+source/tomcat6

Branch information

Name: applied/ubuntu/trusty-updates
Repository: lp:ubuntu/+source/tomcat6

Recent commits

a0f4499... by Eduardo dos Santos Barretto on 2018-10-11

Import patches-applied version 6.0.39-1ubuntu0.1 to applied/ubuntu/trusty-security

Imported using git-ubuntu import.

Changelog parent: fbcb77efb5d4799e0b73e2999141dde4994c0acd
Unapplied parent: e256b16a4e440b3c284d2ba1835b4cc99f5eb7a7

New changelog entries:
  * SECURITY UPDATE: Integer overflow
    - debian/patches/CVE-2014-0075.patch: Fix integer overflow in the
      parseChunkHeader function in
      java/org/apache/coyote/http11/filters/ChunkedInputFilter.java
    - CVE-2014-0075
  * SECURITY UPDATE: Bypass security-manager restrictions and read
    arbitrary files via a crafted web application that provides an XML
    external entity declaration in conjunction with an entity reference.
    - debian/patches/CVE-2014-0096.patch: Properly restrict XSLT
      stylesheets
    - CVE-2014-0096
  * SECURITY UPDATE: Fix integer overflow.
    - debian/patches/CVE-2014-0099.patch: Fix in
      java/org/apache/tomcat/util/buf/Ascii.java
    - CVE-2014-0099
  * SECURITY UPDATE: Read arbitrary files via a crafted web application
    that provides an XML external entity declaration in conjunction with
    an entity reference.
    - debian/patches/CVE-2014-0119-1.patch: fix in SecurityClassLoad.java
      and DefaultServlet.java
    - debian/patches/CVE-2014-0119-2.patch: fix in TldConfig.java
    - debian/patches/CVE-2014-0119-3.patch: fix in multiple files
    - CVE-2014-0119
  * SECURITY UPDATE: Add error flag to allow subsequent attempts at
    reading after an error to fail fast.
    - debian/patches/CVE-2014-0227.patch: fix in ChunkedInputFilter.java
    - CVE-2014-0227
  * SECURITY UPDATE: DoS (thread consumption) via a series of aborted
    upload attempts.
    - debian/patches/CVE-2014-0230.patch: add support for maxSwallowSize
    - CVE-2014-0230
  * SECURITY UPDATE: Bypass a SecurityManager protection mechanism via a
    web application that leverages use of incorrect privileges during EL
    evaluation.
    - debian/patches/CVE-2014-7810-1.patch: fix in BeanELResolver.java
    - debian/patches/CVE-2014-7810-2.patch: fix in PageContextImpl.java
      and SecurityClassLoad.java
    - CVE-2014-7810
  * SECURITY UPDATE: Directory traversal vulnerability in RequestUtil.java
    - debian/patches/CVE-2015-5174.patch: fix in RequestUtil.java
    - CVE-2015-5174
  * SECURITY UPDATE: Remote attackers can determine the existence of a
    directory via a URL that lacks a trailing slash character.
    - debian/patches/CVE-2015-5345-1.patch: fix in multiple files
    - debian/patches/CVE-2015-5345-2.patch: fix in multiple files
    - CVE-2015-5345
  * SECURITY UPDATE: Bypass CSRF protection mechanism by using a token.
    - debian/patches/CVE-2015-5351-1.patch: fix in manager application
    - debian/patches/CVE-2015-5351-2.patch: fix in host-manager
      application
    - CVE-2015-5351
  * SECURITY UPDATE: Bypass intended SecurityManager restrictions and
    read arbitrary HTTP requests, and consequently discover session ID
    values, via a crafted web application.
    - debian/patches/CVE-2016-0706.patch: fix in
      RestrictedServlets.properties
    - CVE-2016-0706
  * SECURITY UPDATE: Bypass intended SecurityManager restrictions and
    execute arbitrary code in a privileged context via a web application
    that places a crafted object in a session.
    - debian/patches/CVE-2016-0714-1.patch: fix in multiple files.
    - debian/patches/CVE-2016-0714-2.patch: fix in multiple files.
    - CVE-2016-0714
  * SECURITY UPDATE: Possible to determine valid user names.
    - debian/patches/CVE-2016-0762.patch: fix in MemoryRealm.java and
      RealmBase.java
    - CVE-2016-0762
  * SECURITY UPDATE: Bypass intended SecurityManager restrictions and
    read or write to arbitrary application data, or cause a denial of
    service (application disruption), via a web application that sets
    a crafted global context.
    - debian/patches/CVE-2016-0763.patch: fix in ResourceLinkFactory.java
    - CVE-2016-0763
  * SECURITY UPDATE: Access to the tomcat account to gain root privileges
    via a symlink attack on the Catalina log file.
    - debian/tomcat6.init: don't follow symlinks when handling the
      catalina.out file.
    - CVE-2016-1240

e256b16... by Eduardo dos Santos Barretto on 2018-10-11

Allow the global naming context to be reset. Useful when running multiple embedded instances in series since it allows each instance to configure its own global naming context.

Gbp-Pq: CVE-2016-0763.patch.

ee7b458... by Eduardo dos Santos Barretto on 2018-10-11

Make timing attacks against the Realm implementations harder. (schultz/markt)

Gbp-Pq: CVE-2016-0762.patch.

2742b40... by Eduardo dos Santos Barretto on 2018-10-11

When using the new sessionAttributeValueClassNameFilter, apply the filter earlier rather than loading the class and then deciding to filter it out.

Gbp-Pq: CVE-2016-0714-2.patch.

5ba5022... by Eduardo dos Santos Barretto on 2018-10-11

Expand the session attribute filtering options

Gbp-Pq: CVE-2016-0714-1.patch.

1cb8f06... by Eduardo dos Santos Barretto on 2018-10-11

Add the StatusManagerServlet to the list of Servlets that can only be loaded by privileged applications.

Gbp-Pq: CVE-2016-0706.patch.

9808c34... by Eduardo dos Santos Barretto on 2018-10-11

Don't create session unnecessarily in the Host Manager application

Gbp-Pq: CVE-2015-5351-2.patch.

7b30410... by Eduardo dos Santos Barretto on 2018-10-11

Don't create sessions unnecessarily in the Manager application.

Gbp-Pq: CVE-2015-5351-1.patch.

03da27b... by Eduardo dos Santos Barretto on 2018-10-11

Fix https://bz.apache.org/bugzilla/show_bug.cgi?id=58660

Gbp-Pq: CVE-2015-5345-2.patch.

9cbbe77... by Eduardo dos Santos Barretto on 2018-10-11

Move the functionality that provides redirects for context roots and directories where a trailing <code>/</code> is added from the Mapper to the DefaultServlet. This enables such requests to be processed by any configured Valves and Filters before the redirect is made. This behaviour is configurable via the mapperContextRootRedirectEnabled and mapperDirectoryRedirectEnabled attributes of the Context which may be used to restore the previous behaviour.

Gbp-Pq: CVE-2015-5345-1.patch.