Fedora Core 6 Update: tomcat5-5.5.23-0jpp.2.fc6

---------------------------------------------------------------------
Fedora Update Notification
FEDORA-2007-514
2007-05-21
---------------------------------------------------------------------

Product     : Fedora Core 6
Name        : tomcat5
Version     : 5.5.23
Release     : 0jpp.2.fc6
Summary     : Apache Servlet/JSP Engine, RI for Servlet 2.4/JSP 2.0 API
Description :
Tomcat is the servlet container that is used in the official Reference
Implementation for the Java Servlet and JavaServer Pages technologies.
The Java Servlet and JavaServer Pages specifications are developed by
Sun under the Java Community Process.

Tomcat is developed in an open and participatory environment and
released under the Apache Software License. Tomcat is intended to be
a collaboration of the best-of-breed developers from around the world.
We invite you to participate in this open development project. To
learn more about getting involved, click here.

---------------------------------------------------------------------
Update Information:

Several security issues were reported to be fixed in
releases prior to 5.5.23
(http://tomcat.apache.org/security-5.html)

Tomcat was found to accept multiple content-length headers
in a request. This could allow attackers to poison a
web-cache, bypass web application firewall protection, or
conduct cross-site scripting attacks. (CVE-2005-2090)
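
A strict front-end check for the Content-Length ambiguity described above, as an added example (not Tomcat code and not part of this advisory). The function names, sample requests and reject policy are assumptions chosen for illustration.

```python
# Added example (not Tomcat code): classify the Content-Length fields of a raw request head.

def content_length_verdict(raw_request: bytes):
    """Return (verdict, length); verdict is none/ok/duplicate/conflict/invalid."""
    head = raw_request.split(b"\r\n\r\n", 1)[0]
    values = []
    for line in head.split(b"\r\n")[1:]:      # skip the request line
        name, sep, value = line.partition(b":")
        if sep and name.strip().lower() == b"content-length":
            # One field line may itself carry a comma-separated list.
            values.extend(v.strip() for v in value.split(b","))
    if not values:
        return ("none", None)
    if any(not v.isdigit() for v in values):
        return ("invalid", None)
    distinct = {int(v) for v in values}
    if len(distinct) > 1:
        return ("conflict", None)             # components may disagree on body size
    return ("duplicate" if len(values) > 1 else "ok", distinct.pop())


def should_reject(raw_request: bytes) -> bool:
    """Assumed strict policy: refuse anything but zero or one well-formed field."""
    return content_length_verdict(raw_request)[0] in {"duplicate", "conflict", "invalid"}


# Constructed sample requests (host and paths are placeholders).
_HEAD = b"POST /app/submit HTTP/1.1\r\nHost: example.test\r\n"
SAMPLES = {
    "single": _HEAD + b"Content-Length: 5\r\n\r\nhello",
    "repeated": _HEAD + b"Content-Length: 5\r\nContent-Length: 5\r\n\r\nhello",
    "conflicting": _HEAD + b"Content-Length: 5\r\ncontent-length: 0\r\n\r\nhello",
    "list": _HEAD + b"Content-Length: 5, 7\r\n\r\nhello",
    "malformed": _HEAD + b"Content-Length: +5\r\n\r\nhello",
    "absent": b"GET /app/ HTTP/1.1\r\nHost: example.test\r\n\r\n",
}

if __name__ == "__main__":
    for label, raw in SAMPLES.items():
        print(label, content_length_verdict(raw), should_reject(raw))
```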

Tomcat permitted various characters as path delimiters. If
Tomcat was used behind certain proxies and configured to
only proxy some contexts, an attacker could construct an
HTTP request to work around the context restriction and
potentially access non-proxied content. (CVE-2007-0450)
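
A log review for the delimiter issue above, as an added example that is not part of this advisory. It assumes common-log-format access logs and uses the three delimiters named in the upstream Tomcat security notes for this CVE (`\`, `%2F`, `%5C`), which this page does not list; the log lines are constructed.

```python
import re

# Delimiters from the upstream Tomcat notes for CVE-2007-0450 (assumption: not listed here).
SUSPECT = re.compile(r"\\|%2f|%5c", re.IGNORECASE)
# Request field of a common-log-format line: "METHOD target HTTP/x.y"
REQUEST = re.compile(r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+"')


def suspicious_targets(log_lines):
    """Return (line_no, path, delimiters) for requests whose *path* carries
    a backslash or an encoded slash/backslash. Query strings are ignored,
    since encoded slashes are routine there."""
    hits = []
    for line_no, line in enumerate(log_lines, 1):
        match = REQUEST.search(line)
        if not match:
            continue                      # not a parseable request line
        path = match.group("target").split("?", 1)[0]
        found = sorted({tok.lower() for tok in SUSPECT.findall(path)})
        if found:
            hits.append((line_no, path, found))
    return hits


# Constructed sample log (documentation addresses, placeholder paths).
SAMPLE_LOG = [
    '192.0.2.10 - - [21/May/2007:10:00:01 +0000] "GET /app/index.jsp HTTP/1.1" 200 512',
    '192.0.2.11 - - [21/May/2007:10:00:02 +0000] "GET /app/a%2Fb.jsp HTTP/1.1" 404 0',
    '192.0.2.11 - - [21/May/2007:10:00:03 +0000] "GET /app/dir%5Cfile.jsp HTTP/1.1" 404 0',
    '192.0.2.12 - - [21/May/2007:10:00:04 +0000] "GET /app/search?next=%2Fhome HTTP/1.1" 200 90',
    '192.0.2.13 - - [21/May/2007:10:00:05 +0000] "GET /app/dir\\file.jsp HTTP/1.1" 404 0',
    'malformed line without a request field',
]

if __name__ == "__main__":
    for line_no, path, found in suspicious_targets(SAMPLE_LOG):
        print(f"line {line_no}: {path} -> {found}")
```

Run it over the proxy's logs as well as Tomcat's, since the advisory's scenario depends on the two disagreeing about where a path segment ends.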

The implicit-objects.jsp file distributed in the examples
webapp displayed a number of unfiltered header values. If
the JSP examples were accessible, this flaw could allow a
remote attacker to perform cross-site scripting
attacks. (CVE-2006-7195)

Users should upgrade to these erratum packages which contain
an update to Tomcat that resolves these issues. Updated
jakarta-commons-modeler packages are also included which
correct a bug when used with Tomcat 5.5.23.

---------------------------------------------------------------------
* Tue May  8 2007 Vivek Lakshmanan <vivekl redhat com> - 0:5.5.23-0jpp.2
- Rebuild
- Add catalina.out to the rpm and set explicit permissions; tomcat ownership
- Resolves: bug 237088
* Mon Apr 23 2007 Vivek Lakshmanan <vivekl redhat com> - 0:5.5.23-0jpp.1
- Resolves: bug 237088
- Merge 0:5.5.17-8jpp.2 with sources/patches from 5.5.23
- Build against jakarta-commons-modeler 1.1 with MODELER-15 patch
* Thu Jan 18 2007 Rafael Schloming <rafaels redhat com> - 0:5.5.17-8jpp.2
- Changed PreReq to Requires(pre)
* Wed Oct  4 2006 Fernando Nasser <fnasser redhat com> 0:5.5.17-8jpp.1
- Merge with upstream
* Wed Oct  4 2006 Permaine Cheung <pcheung redhat com> 0:5.5.17-8jpp
- Fix condrestart in init script and location of init script in the spec file.
* Mon Oct  2 2006 Permaine Cheung <pcheung redhat com> 0:5.5.17-7jpp
- Add the new config file, and add the CONNECTOR_PORT variable in it.
* Mon Oct  2 2006 Permaine Cheung <pcheung redhat com> 0:5.5.17-6jpp
- Add the ability to start multiple instances of tomcat on the same machine.

---------------------------------------------------------------------
This update can be downloaded from:
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/6/

This update can be installed with the 'yum' update program.  Use 'yum update
package-name' at the command line.  For more information, refer to 'Managing
Software with yum,' available at http://fedora.redhat.com/docs/yum/.
---------------------------------------------------------------------