[Bug 594989] Re: Lucid Lynx authbind defaults too restrictive
This bug was fixed in the package tomcat6 - 6.0.26-5 --- tomcat6 (6.0.26-5) unstable; urgency=medium * Convert patches to dep3 format. * Backport security fix from trunk to fix CVE-2010-1157. (Closes: #587447) * Set urgency to medium due to the security fix. tomcat6 (6.0.26-4) unstable; urgency=low [ Thierry Carrez ] * Fix issues preventing from running Tomcat6 with a security manager: - debian/tomcat6.init: Remove duplicate securitymanager options. - debian/patches/catalina-sh-security-manager.patch: Use the right location for the security.policy file in catalina.sh. - Closes: #585379, LP: #591802. Thanks to Jeff Turner for the original patches and to Adam Guthrie for the Lucid debdiff. * Allow binding to any interface when using authbind, rather than only allow binding to all (LP: #594989) * Force backgrounding of catalina.sh in start-stop-daemon, to allow the init script to be started through ssh -t (LP: #588481) [ Torsten Werner ] * Remove Paul from Uploaders list. -- Thierry Carrez thierry.car...@ubuntu.com Tue, 13 Jul 2010 17:56:11 +0100 ** Changed in: tomcat6 (Ubuntu) Status: Fix Committed = Fix Released ** CVE added: http://www.cve.mitre.org/cgi- bin/cvename.cgi?name=2010-1157 -- Lucid Lynx authbind defaults too restrictive https://bugs.launchpad.net/bugs/594989 You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to tomcat6 in ubuntu. -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 594989] Re: Lucid Lynx authbind defaults too restrictive
** Changed in: tomcat6 (Ubuntu) Importance: Wishlist = Medium ** Changed in: tomcat6 (Ubuntu) Status: Confirmed = Triaged -- Lucid Lynx authbind defaults too restrictive https://bugs.launchpad.net/bugs/594989 You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to tomcat6 in ubuntu. -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 594989] Re: Lucid Lynx authbind defaults too restrictive
Fix committed to debian java-svn ** Changed in: tomcat6 (Ubuntu) Status: Triaged = Fix Committed ** Changed in: tomcat6 (Ubuntu) Assignee: (unassigned) = Thierry Carrez (ttx) ** Changed in: tomcat6 (Ubuntu) Importance: Medium = Wishlist -- Lucid Lynx authbind defaults too restrictive https://bugs.launchpad.net/bugs/594989 You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to tomcat6 in ubuntu. -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 594989] Re: Lucid Lynx authbind defaults too restrictive
Tom: That is in fact the behaviour I meant to configure authbind to allow -- I wanted to allow the Tomcat JVM to bind to privileged ports on any address on any NIC of the machine on which Tomcat runs. So, a network prefix of 0 is what it should use, instead of 32. Thanks for spotting that! -- Lucid Lynx authbind defaults too restrictive https://bugs.launchpad.net/bugs/594989 You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to tomcat6 in ubuntu. -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 594989] Re: Lucid Lynx authbind defaults too restrictive
** Changed in: tomcat6 (Ubuntu) Importance: Undecided = Wishlist ** Changed in: tomcat6 (Ubuntu) Status: New = Confirmed -- Lucid Lynx authbind defaults too restrictive https://bugs.launchpad.net/bugs/594989 You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to tomcat6 in ubuntu. -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
