This is an automated email from the git hooks/post-receive script. ebourg-guest pushed a commit to branch jessie in repository tomcat8.
commit d866c5f0d7863aa0b46ba544c18b0fdf6fa62d91 Author: Emmanuel Bourg <[email protected]> Date: Thu Jan 5 17:14:46 2017 +0100 Fixed CVE-2016-8745: Information Disclosure --- debian/changelog | 11 +++++++++++ debian/patches/CVE-2016-8745.patch | 30 ++++++++++++++++++++++++++++++ debian/patches/series | 1 + 3 files changed, 42 insertions(+) diff --git a/debian/changelog b/debian/changelog index a7b38c2..34fb2d6 100644 --- a/debian/changelog +++ b/debian/changelog @@ -1,3 +1,14 @@ +tomcat8 (8.0.14-1+deb8u6) jessie-security; urgency=high + + * Fixed CVE-2016-8745: A bug in the error handling of the send file code for + the NIO HTTP connector resulted in the current Processor object being added + to the Processor cache multiple times. This in turn meant that the same + Processor could be used for concurrent requests. Sharing a Processor can + result in information leakage between requests including, not not limited + to, session ID and the response body. + + -- Emmanuel Bourg <[email protected]> Thu, 05 Jan 2017 17:10:29 +0100 + tomcat8 (8.0.14-1+deb8u5) jessie-security; urgency=high * Fixed CVE-2016-9774: Potential privilege escalation when the tomcat8 diff --git a/debian/patches/CVE-2016-8745.patch b/debian/patches/CVE-2016-8745.patch new file mode 100644 index 0000000..a970cbb --- /dev/null +++ b/debian/patches/CVE-2016-8745.patch @@ -0,0 +1,30 @@ +Description: Fixes: CVE-2016-8745: When unable to complete sendfile request, + ensure the Processor will be added to the cache only once. + This bug in the error handling of the send file code for the NIO HTTP connector + resulted in the current Processor object being added to the Processor cache + multiple times. This in turn meant that the same Processor could be used for + concurrent requests. Sharing a Processor can result in information leakage + between requests including, not not limited to, session ID and the response + body. +Origin: backport, https://svn.apache.org/r1777469 13f79535-47bb-0310-9956-ffa450edef68 +Bug: https://bz.apache.org/bugzilla/show_bug.cgi?id=60409 +--- a/java/org/apache/tomcat/util/net/NioEndpoint.java ++++ b/java/org/apache/tomcat/util/net/NioEndpoint.java +@@ -1251,11 +1251,15 @@ + } + }catch ( IOException x ) { + if ( log.isDebugEnabled() ) log.debug("Unable to complete sendfile request:", x); +- cancelledKey(sk,SocketStatus.ERROR); ++ if (!event) { ++ cancelledKey(sk,SocketStatus.ERROR); ++ } + return false; + }catch ( Throwable t ) { + log.error("",t); +- cancelledKey(sk, SocketStatus.ERROR); ++ if (!event) { ++ cancelledKey(sk, SocketStatus.ERROR); ++ } + return false; + }finally { + if (sc!=null) sc.setSendFile(false); diff --git a/debian/patches/series b/debian/patches/series index 9b4eacd..45f2d8f 100644 --- a/debian/patches/series +++ b/debian/patches/series @@ -32,3 +32,4 @@ CVE-2016-6797.patch CVE-2016-6816.patch BZ-57377.patch CVE-2016-8735.patch +CVE-2016-8745.patch -- Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/pkg-java/tomcat8.git _______________________________________________ pkg-java-commits mailing list [email protected] http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-java-commits
