Release Info

Advisory: CLSA-2023:1686586528

OS: Ubuntu 18.04 ELS

Public date: 2023-06-12 12:15:30

Project: tomcat8

Version: 8.5.39-1ubuntu1~18.04.3+tuxcare.els1

Errata link: https://errata.tuxcare.com/els_os/ubuntu18.04els/CLSA-2023-1686586528.html

Changelog

* SECURITY UPDATE: Apache Tomcat request smuggling
  - debian/patches/CVE-2022-42252.patch: Requests with invalid content-length should always be rejected.
  - CVE-2022-42252
* SECURITY UPDATE: AJP Request Injection and potential Remote Code Execution
  - debian/patches/CVE-2020-1938.patch: Add new AJP attribute allowedRequestAttributesPattern. Rename requiredSecret to secret and add secretRequired. Change the default bind address for AJP to the loopback address.
  - CVE-2020-1938
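
The CVE-2020-1938 patch changes AJP connector attributes, so existing server.xml files are worth reviewing after the upgrade. The following audit is an added example, not part of the advisory or the package: it flags AJP connectors that bind beyond loopback, still use the old requiredSecret name, or have no shared secret. The sample server.xml is constructed, and the default of secretRequired is assumed to be true, as in upstream Tomcat.

```python
import ipaddress
import xml.etree.ElementTree as ET

# Constructed sample server.xml, not taken from the advisory.
SAMPLE_SERVER_XML = """
<Server port="8005" shutdown="SHUTDOWN">
  <Service name="Catalina">
    <Connector port="8080" protocol="HTTP/1.1" />
    <Connector port="8009" protocol="AJP/1.3" address="0.0.0.0"
               requiredSecret="constructed-example" />
    <Connector port="8010" protocol="AJP/1.3" secretRequired="false" />
    <Connector port="8011" protocol="AJP/1.3" address="127.0.0.1"
               secret="constructed-example" />
  </Service>
</Server>
"""

def is_loopback(address):
    """True for loopback IP literals and the name localhost."""
    try:
        return ipaddress.ip_address(address).is_loopback
    except ValueError:
        return address.lower() == "localhost"

def audit_ajp_connectors(server_xml):
    """Return (port, issue) tuples for AJP connectors that need review."""
    findings = []
    for conn in ET.fromstring(server_xml).iter("Connector"):
        if "ajp" not in conn.get("protocol", "").lower():
            continue
        port = conn.get("port", "?")
        # An absent address means the new loopback default from the changelog.
        address = conn.get("address")
        if address is not None and not is_loopback(address):
            findings.append((port, "listens on non-loopback address " + address))
        if "requiredSecret" in conn.attrib:
            findings.append((port, "uses old name requiredSecret; rename to secret"))
        has_secret = bool(conn.get("secret") or conn.get("requiredSecret"))
        # Assumption: secretRequired defaults to true, as in upstream Tomcat.
        required = conn.get("secretRequired", "true").lower() != "false"
        if required and not has_secret:
            findings.append((port, "secretRequired is on but no secret is set"))
        if not required and not has_secret:
            findings.append((port, "accepts AJP requests without a shared secret"))
    return findings

if __name__ == "__main__":
    for port, issue in audit_ajp_connectors(SAMPLE_SERVER_XML):
        print(f"AJP connector on port {port}: {issue}")
```
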

Update

Update command:

    apt-get update
    apt-get --only-upgrade install tomcat8*

Packages list

libtomcat8-embed-java_8.5.39-1ubuntu1~18.04.3+tuxcare.els1_all.deb
libtomcat8-java_8.5.39-1ubuntu1~18.04.3+tuxcare.els1_all.deb
tomcat8_8.5.39-1ubuntu1~18.04.3+tuxcare.els1_all.deb
tomcat8-admin_8.5.39-1ubuntu1~18.04.3+tuxcare.els1_all.deb
tomcat8-common_8.5.39-1ubuntu1~18.04.3+tuxcare.els1_all.deb
tomcat8-docs_8.5.39-1ubuntu1~18.04.3+tuxcare.els1_all.deb
tomcat8-examples_8.5.39-1ubuntu1~18.04.3+tuxcare.els1_all.deb
tomcat8-user_8.5.39-1ubuntu1~18.04.3+tuxcare.els1_all.deb

CVEs

CVE-2020-1938
CVE-2022-42252