FSA/FC6/FEDORA-2007-514

Fedora Core 6 Update: jakarta-commons-modeler-1.1-8jpp.2.fc6
Fedora Update Notification FEDORA-2007-514 2007-05-21

Product     : Fedora Core 6
Name        : jakarta-commons-modeler
Version     : 1.1
Release     : 8jpp.2.fc6
Summary     : Jakarta Commons Modeler Package
Description :
The Modeler project shall create and maintain a set of Java classes to provide the facilities described in the preceding section, plus unit tests and small examples of using these facilities to instrument Java classes with Model MBean support.

Update Information:

Several security issues were reported to be fixed in releases prior to 5.5.23 (http://tomcat.apache.org/security-5.html)

Tomcat was found to accept multiple content-length headers in a request. This could allow attackers to poison a web-cache, bypass web application firewall protection, or conduct cross-site scripting attacks. (CVE-2005-2090)
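The check below is an added example, not code from Tomcat or from this advisory: it shows how a front-end proxy, WAF or log-review script can flag requests that carry more than one Content-Length value, the condition described for CVE-2005-2090. The function names, the sample requests and the strict policy of rejecting every repeated value are assumptions made for the illustration.

```python
import re

# Constructed sample requests (not captured traffic).
SAMPLE_OK = (b"POST /app HTTP/1.1\r\nHost: example.test\r\n"
             b"Content-Length: 5\r\n\r\nhello")
SAMPLE_DUP = (b"POST /app HTTP/1.1\r\nHost: example.test\r\n"
              b"Content-Length: 5\r\ncontent-length: 0\r\n\r\nhello")


def content_length_values(raw_request: bytes) -> list:
    """Return every Content-Length value in the header block, in order."""
    # Only the header block is inspected; body bytes are never parsed.
    head, _, _ = raw_request.partition(b"\r\n\r\n")
    values = []
    for line in head.split(b"\r\n")[1:]:          # skip the request line
        if line[:1] in (b" ", b"\t"):
            continue                              # folded continuation line
        name, sep, value = line.partition(b":")
        # Header names are case-insensitive; tolerate stray whitespace so a
        # lenient back end cannot see a header this check missed.
        if sep and name.strip().lower() == b"content-length":
            # One header line may itself hold a comma-separated list.
            values.extend(v.strip().decode("latin-1")
                          for v in value.split(b","))
    return values


def classify(raw_request: bytes) -> str:
    """Return 'none', 'ok', 'invalid' or 'multiple' for the request framing."""
    values = content_length_values(raw_request)
    if not values:
        return "none"
    if any(re.fullmatch(r"[0-9]+", v) is None for v in values):
        return "invalid"       # signs, blanks or non-digits: reject
    if len(values) > 1:
        return "multiple"      # proxy and back end may disagree on body size
    return "ok"


if __name__ == "__main__":
    for label, req in (("single", SAMPLE_OK), ("repeated", SAMPLE_DUP)):
        print(label, content_length_values(req), classify(req))
```

Rejecting anything classified as `multiple` or `invalid` at the first hop keeps a cache or WAF from framing the body differently than the server behind it.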

Tomcat permitted various characters as path delimiters. If Tomcat was used behind certain proxies and configured to only proxy some contexts, an attacker could construct an HTTP request to work around the context restriction and potentially access non-proxied content. (CVE-2007-0450)

The implicit-objects.jsp file distributed in the examples webapp displayed a number of unfiltered header values. If the JSP examples were accessible, this flaw could allow a remote attacker to perform cross-site scripting attacks. (CVE-2006-7195)

Users should upgrade to these erratum packages which contain an update to Tomcat that resolves these issues. Updated jakarta-commons-modeler packages are also included which correct a bug when used with Tomcat 5.5.23.

* Sun Apr 29 2007 Vivek Lakshmanan - 0:1.1-8jpp.2
- Add patch to fix jira task: MODELER-15 to allow tomcat5 5.5.23 to build against j-c-modeler
- Resolves: bug 237704

This update can be downloaded from: http://download.fedora.redhat.com/pub/fedora/linux/core/updates/6/

This update can be installed with the 'yum' update program. Use 'yum update package-name' at the command line. For more information, refer to 'Managing Software with yum,' available at http://fedora.redhat.com/docs/yum/.