Re: [SECURITY] [DLA 91-1] tomcat6 security update

H B Mon, 24 Nov 2014 00:00:29 -0800

thx to Tony for the huge effort!

I installed the update on 2 machines this morning, and i received an error
message:


Setting up tomcat6 (6.0.41-2+squeeze5) ...
sed: -e expression #1, char 396: unknown option to `s'
dpkg: error processing tomcat6 (--configure):
 subprocess installed post-installation script returned error exit status 1
configured to not write apport reports
                                      Errors were encountered while
processing:
 tomcat6
E: Sub-process /usr/bin/dpkg returned an error code (1)
A package failed to install.  Trying to recover:
Setting up tomcat6 (6.0.41-2+squeeze5) ...
sed: -e expression #1, char 396: unknown option to `s'
dpkg: error processing tomcat6 (--configure):
 subprocess installed post-installation script returned error exit status 1
Errors were encountered while processing:
 tomcat6

Does anyone have the same problem?

2014-11-23 10:02 GMT+01:00 Holger Levsen <[email protected]>:

> Package        : tomcat6
> Version        : 6.0.41-2+squeeze5
> CVE ID         : CVE-2012-3439 CVE-2013-1571 CVE-2013-4286 CVE-2013-4322
>                  CVE-2013-4590 CVE-2014-0033
> Debian Bugs    : 299635 608286 654136 659748 664072 665393 666256 668761
>                  671373 677912 682955 687818 692440 695250 713796 717279
>
> This is an upgrade from tomcat 6.0.35 (the version previously available
> in squeeze) to 6.0.41, the full list of changes between these versions
> can be see in the upstream changelog, which is available online at
> http://tomcat.apache.org/tomcat-6.0-doc/changelog.html
>
> This update fixes the following security issues previously not available
> for squeeze:
>
> CVE-2014-0033
>
> Prevent remote attackers from conducting session fixation attacks via
> crafted
> URLs.
>
> CVE-2013-4590
>
> Prevent "Tomcat internals" information leaks.
>
> CVE-2013-4322
>
> Prevent remote attackers from doing denial of service attacks.
>
> CVE-2013-4286
>
> Reject requests with multiple content-length headers or with a
> content-length
> header when chunked encoding is being used.
>
> CVE-2013-1571
>
> Avoid CVE-2013-1571 when generating Javadoc.
>
> CVE-2012-3439
>
> Various improvements to the DIGEST authenticator.
>
>
> Thanks to Tony Mancill for doing the vast amount of the work for this
> update!
>
>

Re: [SECURITY] [DLA 91-1] tomcat6 security update

Reply via email to