U radu programskog paketa Apache Tomcat 5 otkrivena su i ispravljena dva sigurnosna propusta koja udaljeni napadač može iskoristiti za izvođenje DoS napada.
Paket:
Apache Tomcat 5.x
Operacijski sustavi:
Mandriva Linux 2010.1, Mandriva Linux Enterprise Server 5.0
Kritičnost:
4.1
Problem:
neodgovarajuća provjera ulaznih podataka
Iskorištavanje:
udaljeno
Posljedica:
uskraćivanje usluga (DoS)
Rješenje:
programska zakrpa proizvođača
CVE:
CVE-2011-4858, CVE-2012-0022
Izvorni ID preporuke:
MDVSA-2012:085
Izvor:
Mandriva
Problem:
Propusti su posljedica nepravilnog rukovanja parametrima zahtjeva.
Posljedica:
Udaljeni napadač može iskoristiti navedene propuste za izvođenje napada uskraćivanjem usluge (eng. Denial of Service).
Rješenje:
Kako bi se zaštitili, korisnicima se savjetuje korištenje odgovarajuće programske nadogradnje.
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
_______________________________________________________________________
Mandriva Linux Security Advisory MDVSA-2012:085
http://www.mandriva.com/security/
_______________________________________________________________________
Package : tomcat5
Date : May 30, 2012
Affected: 2010.1, Enterprise Server 5.0
_______________________________________________________________________
Problem Description:
A vulnerability has been discovered and corrected in tomcat5:
Apache Tomcat 5.5.x before 5.5.35, 6.x before 6.0.34, and 7.x before
7.0.23 uses an inefficient approach for handling parameters, which
allows remote attackers to cause a denial of service (CPU consumption)
via a request that contains many parameters and parameter values,
a different vulnerability than CVE-2011-4858 (CVE-2012-0022).
The updated packages have been patched to correct this issue.
_______________________________________________________________________
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0022
_______________________________________________________________________
Updated Packages:
Mandriva Linux 2010.1:
4dbdc982091d0b24ca8556e943b506be
2010.1/i586/tomcat5-5.5.28-0.5.0.4mdv2010.2.noarch.rpm
6356e7035b07651650760cc98f6aca8c
2010.1/i586/tomcat5-admin-webapps-5.5.28-0.5.0.4mdv2010.2.noarch.rpm
151bccadefd2c0dedaa16d7bbe3373bd
2010.1/i586/tomcat5-common-lib-5.5.28-0.5.0.4mdv2010.2.noarch.rpm
3740c5f224c2ad0fe5bc0d9ddcabf026
2010.1/i586/tomcat5-jasper-5.5.28-0.5.0.4mdv2010.2.noarch.rpm
c095b8a9f0f37ba7a4124ead3663b473
2010.1/i586/tomcat5-jasper-eclipse-5.5.28-0.5.0.4mdv2010.2.noarch.rpm
8e2d9c8a39370b196801e7bfca1f447f
2010.1/i586/tomcat5-jasper-javadoc-5.5.28-0.5.0.4mdv2010.2.noarch.rpm
dae3e2ddc1a320d0fa5d4265340c08a3
2010.1/i586/tomcat5-jsp-2.0-api-5.5.28-0.5.0.4mdv2010.2.noarch.rpm
bcf8969a94eade64275e4377e921adbf
2010.1/i586/tomcat5-jsp-2.0-api-javadoc-5.5.28-0.5.0.4mdv2010.2.noarch.rpm
7a4bdce7640fa6feb2243e1853781310
2010.1/i586/tomcat5-server-lib-5.5.28-0.5.0.4mdv2010.2.noarch.rpm
f9f9a9b784960f0ff6074d1f1766ea7e
2010.1/i586/tomcat5-servlet-2.4-api-5.5.28-0.5.0.4mdv2010.2.noarch.rpm
c1f2319f08787fe7fc4a9904962b388e
2010.1/i586/tomcat5-servlet-2.4-api-javadoc-5.5.28-0.5.0.4mdv2010.2.noarch.rpm
736a729aa7f53b2a5ccd132090f496d2
2010.1/i586/tomcat5-webapps-5.5.28-0.5.0.4mdv2010.2.noarch.rpm
b043f3f9083fce48f48d1e3365885102
2010.1/SRPMS/tomcat5-5.5.28-0.5.0.4mdv2010.2.src.rpm
Mandriva Linux 2010.1/X86_64:
fa2228e5ad8d02f6668428673423cf23
2010.1/x86_64/tomcat5-5.5.28-0.5.0.4mdv2010.2.noarch.rpm
6cab7628431c5403fbac528ecce278e8
2010.1/x86_64/tomcat5-admin-webapps-5.5.28-0.5.0.4mdv2010.2.noarch.rpm
be8db2383ca52bf0f0a56f1c51b93816
2010.1/x86_64/tomcat5-common-lib-5.5.28-0.5.0.4mdv2010.2.noarch.rpm
35c820ac3e6171e43f3f49ee73271d94
2010.1/x86_64/tomcat5-jasper-5.5.28-0.5.0.4mdv2010.2.noarch.rpm
8a57cee533df7699954cdf461ecb40d1
2010.1/x86_64/tomcat5-jasper-eclipse-5.5.28-0.5.0.4mdv2010.2.noarch.rpm
7e0851cfee3732cc13a221fd7515b6a7
2010.1/x86_64/tomcat5-jasper-javadoc-5.5.28-0.5.0.4mdv2010.2.noarch.rpm
12ba62390b699f8f01b6021037f64d4e
2010.1/x86_64/tomcat5-jsp-2.0-api-5.5.28-0.5.0.4mdv2010.2.noarch.rpm
80fc555e01f5fe78d3cce0e1ad087a4e
2010.1/x86_64/tomcat5-jsp-2.0-api-javadoc-5.5.28-0.5.0.4mdv2010.2.noarch.rpm
e73452455cd3da005619c2bd2ac5651d
2010.1/x86_64/tomcat5-server-lib-5.5.28-0.5.0.4mdv2010.2.noarch.rpm
102f49ecf8fa3546319edf41451f833a
2010.1/x86_64/tomcat5-servlet-2.4-api-5.5.28-0.5.0.4mdv2010.2.noarch.rpm
4b00aa7483f12401b3de5078e9c098b1
2010.1/x86_64/tomcat5-servlet-2.4-api-javadoc-5.5.28-0.5.0.4mdv2010.2.noarch.rpm
9b1af506d69a2fa83c6822d8eb215198
2010.1/x86_64/tomcat5-webapps-5.5.28-0.5.0.4mdv2010.2.noarch.rpm
b043f3f9083fce48f48d1e3365885102
2010.1/SRPMS/tomcat5-5.5.28-0.5.0.4mdv2010.2.src.rpm
Mandriva Enterprise Server 5:
89c5a36d142f485772802793d2d232a3
mes5/i586/tomcat5-5.5.28-0.5.0.4mdvmes5.2.noarch.rpm
16c504c38fb2ef6ef0da356aefd38d90
mes5/i586/tomcat5-admin-webapps-5.5.28-0.5.0.4mdvmes5.2.noarch.rpm
6de741ee82fa06ed08b5f7ea46aaed6b
mes5/i586/tomcat5-common-lib-5.5.28-0.5.0.4mdvmes5.2.noarch.rpm
ead39bc8a884aa62e98711592743d44e
mes5/i586/tomcat5-jasper-5.5.28-0.5.0.4mdvmes5.2.noarch.rpm
abc7f54d2f91fcc20ffc5444efd19f3b
mes5/i586/tomcat5-jasper-eclipse-5.5.28-0.5.0.4mdvmes5.2.noarch.rpm
da2ff51a33f19b032fc2e05e85f9c988
mes5/i586/tomcat5-jasper-javadoc-5.5.28-0.5.0.4mdvmes5.2.noarch.rpm
745711acf7a6a929cc12dd619952ad00
mes5/i586/tomcat5-jsp-2.0-api-5.5.28-0.5.0.4mdvmes5.2.noarch.rpm
47f8c00bebb138c31442bb6f63e3c151
mes5/i586/tomcat5-jsp-2.0-api-javadoc-5.5.28-0.5.0.4mdvmes5.2.noarch.rpm
23dc6ec060cf070ed60a1450a68df37f
mes5/i586/tomcat5-server-lib-5.5.28-0.5.0.4mdvmes5.2.noarch.rpm
7379a900bc3fd0cf87bea9fbd2fbcf0c
mes5/i586/tomcat5-servlet-2.4-api-5.5.28-0.5.0.4mdvmes5.2.noarch.rpm
7ea3184918916e6a4e18aa17fe3afe17
mes5/i586/tomcat5-servlet-2.4-api-javadoc-5.5.28-0.5.0.4mdvmes5.2.noarch.rpm
3c09e502cfdd5fe1b47179d96fdc70e8
mes5/i586/tomcat5-webapps-5.5.28-0.5.0.4mdvmes5.2.noarch.rpm
061692d8b800c6d3303d64fb0629340e
mes5/SRPMS/tomcat5-5.5.28-0.5.0.4mdvmes5.2.src.rpm
Mandriva Enterprise Server 5/X86_64:
3b21dd4a87f5b13789838ce56a94ef35
mes5/x86_64/tomcat5-5.5.28-0.5.0.4mdvmes5.2.noarch.rpm
0b9c414e98cda30c4d17223a647e86e0
mes5/x86_64/tomcat5-admin-webapps-5.5.28-0.5.0.4mdvmes5.2.noarch.rpm
20c3f49e4c82c1649211740cbdcd97d8
mes5/x86_64/tomcat5-common-lib-5.5.28-0.5.0.4mdvmes5.2.noarch.rpm
fa035af744dc3c03912c57d593c42370
mes5/x86_64/tomcat5-jasper-5.5.28-0.5.0.4mdvmes5.2.noarch.rpm
cf489c169f7ff6c4fc7973911b80e039
mes5/x86_64/tomcat5-jasper-eclipse-5.5.28-0.5.0.4mdvmes5.2.noarch.rpm
da956fd30cadb8a97a4a75a295d3be2d
mes5/x86_64/tomcat5-jasper-javadoc-5.5.28-0.5.0.4mdvmes5.2.noarch.rpm
aa38aefa424dccab4229c51e49aec3c8
mes5/x86_64/tomcat5-jsp-2.0-api-5.5.28-0.5.0.4mdvmes5.2.noarch.rpm
ff7d076e13b7764a6a1a900f610f3e5b
mes5/x86_64/tomcat5-jsp-2.0-api-javadoc-5.5.28-0.5.0.4mdvmes5.2.noarch.rpm
5fcaf167e2e6008a4d94a6de31d24034
mes5/x86_64/tomcat5-server-lib-5.5.28-0.5.0.4mdvmes5.2.noarch.rpm
c306a04a9384df2c216caaf4d492da24
mes5/x86_64/tomcat5-servlet-2.4-api-5.5.28-0.5.0.4mdvmes5.2.noarch.rpm
ad91c5f29341c327d6e92ae924547f1c
mes5/x86_64/tomcat5-servlet-2.4-api-javadoc-5.5.28-0.5.0.4mdvmes5.2.noarch.rpm
6b79384b098909bedc56a3adb3be5212
mes5/x86_64/tomcat5-webapps-5.5.28-0.5.0.4mdvmes5.2.noarch.rpm
061692d8b800c6d3303d64fb0629340e
mes5/SRPMS/tomcat5-5.5.28-0.5.0.4mdvmes5.2.src.rpm
_______________________________________________________________________
To upgrade automatically use MandrivaUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.
All packages are signed by Mandriva for security. You can obtain the
GPG public key of the Mandriva Security Team by executing:
gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98
You can view other update advisories for Mandriva Linux at:
http://www.mandriva.com/security/advisories
If you want to report vulnerabilities, please contact
security_(at)_mandriva.com
_______________________________________________________________________
Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team
<security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)
iD8DBQFPxe8bmqjQ0CJFipgRAp50AKDGUIoqeWjYPETN6zZv/zhkIQWmhgCg3Sw+
j36Zu9+vX5BjO7g75t7AF64=
=7mL2
-----END PGP SIGNATURE-----
Posljednje sigurnosne preporuke