-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Package : tomcat7 Version : 7.0.28-4+deb7u5 CVE ID : CVE-2016-3092
A denial of service vulnerability was identified in Commons FileUpload that occurred when the length of the multipart boundary was just below the size of the buffer (4096 bytes) used to read the uploaded file. This caused the file upload process to take several orders of magnitude longer than if the boundary was the typical tens of bytes long. Apache Tomcat uses a package renamed copy of Apache Commons FileUpload to implement the file upload requirements of the Servlet specification and was therefore also vulnerable to the denial of service vulnerability. For Debian 7 "Wheezy", these problems have been fixed in version 7.0.28-4+deb7u5. We recommend that you upgrade your tomcat7 packages. Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: https://wiki.debian.org/LTS -----BEGIN PGP SIGNATURE----- Version: GnuPG v2 iQJ8BAEBCgBmBQJXcCYFXxSAAAAAAC4AKGlzc3Vlci1mcHJAbm90YXRpb25zLm9w ZW5wZ3AuZmlmdGhob3JzZW1hbi5uZXRBQ0YzRDA4OEVGMzJFREVGNkExQTgzNUZE OUFEMTRCOTUxM0I1MUU0AAoJENmtFLlRO1HkGmsP/2S9BF1p+SyKGB40/JQsHQC8 aHUVFBnVlc99T2yFOjT74Crruna7N/vOHBH0a2So5/Z9OYKxdgww1hSTK8r1fdFb 9km+y0hDHmgDK0wBCUpJRrqPLe5OrI6u9htztAjNP8fR3zdFwCeH/36+ESCmW/VK u/acSilGBMQJlDXxKAqGPUrmujLqyMamPcr0CZX7OEJy4tSDtnJFte/wkZqiaoC5 Tb/5d9TDos1vfPm1pgeAXgtNddLy3uhhL7d+zgn0RBGHmezgkPSmO/hrJiUyoZm3 lRIN8LS85j46yWv23O1/WR+OtmDTVQHjxez3uQ+LwNJ2utUCUhGYTlomlB13z1k0 /+j/5+GxVx2KnDg1CTUdFWbgehhr0Xu3LcNEo/ezthUZJnffgRKXQ5ihcOJr0OlH Vqet1uVZ5PrDf0W4pTjIyS9vyedJlo3tFIPD2JC3SV2duH3eAr0sG6ppTanfO+1d uSa8yh3PwrD0/bPxpZTU4gTr8kVOH86SpNnAKucsaYyjA13udQugh7CiD4jk2Pbn sxqDPr1rcTZwQzMTjouFsOBs6RVFxVLBlVZywhqm8qG5uUVADw8BA8Nqwit7L4z4 bnJLp4Q9rXAafSiAH5RJG1GKeb8UqcG7Y9/+kblwnOocQygn8Z9InKSOV/Vtkj0K u6foffO1ztkK9S/yjrd+ =eKTJ -----END PGP SIGNATURE-----
