*** This bug is a security vulnerability *** Public security bug reported:
http://www.ocert.org/advisories/ocert-2011-003.html Natty, Oneiric and any other still supported Ubuntu versions should upgrade to Tomcat version 6.0.35, to protect against the rather nasty attack described in the above security advisory. Tomcat7 should be upgraded to 7.0.23. ProblemType: Bug DistroRelease: Ubuntu 11.10 Package: tomcat6 (not installed) ProcVersionSignature: Ubuntu 3.0.0-14.23-generic 3.0.9 Uname: Linux 3.0.0-14-generic x86_64 NonfreeKernelModules: nvidia ApportVersion: 1.23-0ubuntu4 Architecture: amd64 Date: Thu Dec 29 20:20:29 2011 InstallationMedia: Ubuntu 11.10 "Oneiric Ocelot" - Release amd64 (20111012) ProcEnviron: PATH=(custom, no user) LANG=en_US.UTF-8 SHELL=/bin/bash SourcePackage: tomcat6 UpgradeStatus: No upgrade log present (probably fresh install) ** Affects: tomcat6 (Ubuntu) Importance: Undecided Status: New ** Tags: natty oneiric ** Visibility changed to: Public -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to tomcat6 in Ubuntu. https://bugs.launchpad.net/bugs/909828 Title: Tomcat needs update to prevent hash function DoS attack To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/tomcat6/+bug/909828/+subscriptions -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
