FSA/FC6/FEDORA-2007-514

Fedora Core 6 Update: jakarta-commons-modeler-1.1-8jpp.2.fc6

---------------------------------------------------------------------
Fedora Update Notification
FEDORA-2007-514
2007-05-21
---------------------------------------------------------------------

Product     : Fedora Core 6
Name        : jakarta-commons-modeler
Version     : 1.1
Release     : 8jpp.2.fc6
Summary     : Jakarta Commons Modeler Package
Description :
The Modeler project shall create and maintain a set of Java
classes to provide the facilities described in the preceding section, plus
unit tests and small examples of using these facilities to instrument
Java classes with Model MBean support.

---------------------------------------------------------------------
Update Information:

Several security issues were reported to be fixed in
Tomcat releases prior to 5.5.23
(http://tomcat.apache.org/security-5.html):

Tomcat was found to accept multiple content-length headers
in a request. This could allow attackers to poison a
web-cache, bypass web application firewall protection, or
conduct cross-site scripting attacks. (CVE-2005-2090)

Tomcat permitted various characters as path delimiters. If
Tomcat was used behind certain proxies and configured to
only proxy some contexts, an attacker could construct an
HTTP request to work around the context restriction and
potentially access non-proxied content. (CVE-2007-0450)

The implicit-objects.jsp file distributed in the examples
webapp displayed a number of unfiltered header values. If
the JSP examples were accessible, this flaw could allow a
remote attacker to perform cross-site scripting
attacks. (CVE-2006-7195)

Users should upgrade to these erratum packages which contain
an update to Tomcat that resolves these issues. Updated
jakarta-commons-modeler packages are also included which
correct a bug when used with Tomcat 5.5.23.
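
For the multiple Content-Length issue (CVE-2005-2090) described above, the following Python check is an added example, not code from this advisory or from Tomcat. It shows the strict validation a front-end filter can apply so that two parsers never disagree on where a request body ends. The function name, the strict policy and the sample requests are assumptions constructed for illustration.

```python
def content_length_verdict(raw_request: bytes):
    """Return (accepted, reason) for the header block of one HTTP/1.x request.

    Strict policy (an assumption of this example): at most one
    Content-Length value, consisting of ASCII digits only.
    """
    head, _, _ = raw_request.partition(b"\r\n\r\n")
    values = []
    for line in head.split(b"\r\n")[1:]:  # skip the request line
        if line[:1] in (b" ", b"\t"):
            # Obsolete line folding can hide a header from one of two parsers.
            return False, "folded header line"
        name, sep, value = line.partition(b":")
        if not sep:
            return False, "malformed header line"
        if name != name.strip():
            return False, "whitespace around header name"
        if name.lower() == b"content-length":
            # "Content-Length: 5, 5" carries two values as well.
            values.extend(v.strip() for v in value.split(b","))
    if not values:
        return True, "no content-length"
    if len(values) > 1:
        return False, "multiple content-length values"
    if not values[0].isdigit():
        return False, "non-numeric content-length"
    return True, "single content-length"


# Constructed sample requests (not captured traffic).
_PREFIX = b"POST /app HTTP/1.1\r\nHost: example.test\r\n"
SAMPLES = {
    "normal": _PREFIX + b"Content-Length: 5\r\n\r\nhello",
    "duplicate": _PREFIX + b"Content-Length: 5\r\nContent-Length: 0\r\n\r\nhello",
    "mixed_case": _PREFIX + b"content-LENGTH: 5\r\nContent-Length: 5\r\n\r\nhello",
    "comma_list": _PREFIX + b"Content-Length: 5, 5\r\n\r\nhello",
    "signed": _PREFIX + b"Content-Length: +5\r\n\r\nhello",
    "no_body": b"GET /app HTTP/1.1\r\nHost: example.test\r\n\r\n",
}

if __name__ == "__main__":
    for label, request in SAMPLES.items():
        print(label, content_length_verdict(request))
```

Rejecting even repeated identical values is stricter than necessary for correctness, but it removes any dependence on which copy a downstream cache, firewall or servlet container chooses to honour.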


---------------------------------------------------------------------
* Sun Apr 29 2007 Vivek Lakshmanan <vivekl redhat com> - 0:1.1-8jpp.2
- Add patch to fix jira task: MODELER-15 to allow tomcat5 5.5.23
to build against j-c-modeler
- Resolves: bug 237704

---------------------------------------------------------------------
This update can be downloaded from:
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/6/

This update can be installed with the 'yum' update program.  Use 'yum update
package-name' at the command line.  For more information, refer to 'Managing
Software with yum,' available at http://fedora.redhat.com/docs/yum/.
---------------------------------------------------------------------