Package        : tomcat6
Version        : 6.0.45+dfsg-1~deb7u2
CVE ID         : CVE-2016-1240

Dawid Golunski from legalhackers.com discovered that Debian's version of
Tomcat 6 was vulnerable to a local privilege escalation. Local attackers
who have gained access to the server in the context of the tomcat6 user
through a vulnerability in a web application were able to replace the
file with a symlink to an arbitrary file.

The full advisory can be found at

http://legalhackers.com/advisories/Tomcat-Debian-based-Root-Privilege-Escalation-Exploit.txt

For Debian 7 "Wheezy", these problems have been fixed in version
6.0.45+dfsg-1~deb7u2.

We recommend that you upgrade your tomcat6 packages.

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
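
A defender-side check for the condition described above, as an added example that is not part of the advisory: it compares the installed tomcat6 version with the fixed version and lists symlinks in a directory that resolve outside it. The function names and the directory argument are assumptions; pass a directory the tomcat6 user can write to.

```sh
#!/bin/sh
# Added example, not from the advisory. Function names are hypothetical.
FIXED_VERSION='6.0.45+dfsg-1~deb7u2'   # fixed version stated in the advisory

# Print "link -> target" for every symlink under $1 whose target resolves
# outside $1. A symlink in a service-writable directory that points
# elsewhere is the pattern the advisory describes.
# Limitation: file names containing newlines are not handled.
symlinks_escaping() (
    dir=$(readlink -f -- "$1") || exit 2
    find "$dir" -type l 2>/dev/null |
    while IFS= read -r link; do
        # Resolve the full chain; fall back to the raw target if that fails.
        target=$(readlink -f -- "$link" 2>/dev/null) || target=$(readlink -- "$link")
        case "$target" in
            "$dir"|"$dir"/*) ;;               # stays inside the directory
            *) printf '%s -> %s\n' "$link" "$target" ;;
        esac
    done
)

# Exit status 0: installed tomcat6 is older than the fixed version.
# Exit status 1: fixed version or newer. Exit status 2: not installed.
tomcat6_needs_upgrade() (
    installed=$(dpkg-query -W -f='${Version}' tomcat6 2>/dev/null) || exit 2
    [ -n "$installed" ] || exit 2
    dpkg --compare-versions "$installed" lt "$FIXED_VERSION"
)

# Usage: sh check.sh <directory writable by the tomcat6 user>
if [ "$#" -gt 0 ]; then
    if tomcat6_needs_upgrade; then
        echo "tomcat6 is older than $FIXED_VERSION: upgrade the package"
    fi
    symlinks_escaping "$1"
fi
```

Any line printed by `symlinks_escaping` deserves a look before the service is next restarted, whether or not the package has already been upgraded.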