Advisory: CLSA-2023:1686586672
OS: Ubuntu 18.04 ELS
Public date: 2023-06-12 12:17:54
Project: tomcat9
Version: 9.0.16-3ubuntu0.18.04.2+tuxcare.els1
Errata link: https://errata.tuxcare.com/els_os/ubuntu18.04els/CLSA-2023-1686586672.html
* SECURITY UPDATE: Apache Tomcat request smuggling
  - debian/patches/CVE-2022-42252.patch: Requests with invalid content-length should always be rejected.
  - CVE-2022-42252
* SECURITY UPDATE: AJP Request Injection and potential Remote Code Execution
  - debian/patches/CVE-2020-1938.patch: Add new AJP attribute allowedRequestAttributesPattern. Rename requiredSecret to secret and add secretRequired. Change the default bind address for AJP to the loopback address.
  - CVE-2020-1938
Update command:
  apt-get update
  apt-get --only-upgrade install tomcat9*
libtomcat9-embed-java_9.0.16-3ubuntu0.18.04.2+tuxcare.els1_all.deb
libtomcat9-java_9.0.16-3ubuntu0.18.04.2+tuxcare.els1_all.deb
tomcat9_9.0.16-3ubuntu0.18.04.2+tuxcare.els1_all.deb
tomcat9-admin_9.0.16-3ubuntu0.18.04.2+tuxcare.els1_all.deb
tomcat9-common_9.0.16-3ubuntu0.18.04.2+tuxcare.els1_all.deb
tomcat9-docs_9.0.16-3ubuntu0.18.04.2+tuxcare.els1_all.deb
tomcat9-examples_9.0.16-3ubuntu0.18.04.2+tuxcare.els1_all.deb
tomcat9-user_9.0.16-3ubuntu0.18.04.2+tuxcare.els1_all.deb
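
Added example (not part of the advisory, and not TuxCare or Tomcat code): a Python check that scans a server.xml for AJP connectors touched by the CVE-2020-1938 changes listed above, flagging the renamed requiredSecret attribute, connectors with no shared secret, and an explicit non-loopback address. The sample configuration, the issue labels and the /etc/tomcat9/server.xml path are assumptions.

```python
import ipaddress
import sys
import xml.etree.ElementTree as ET

# Constructed sample server.xml (not taken from the advisory).
SAMPLE_SERVER_XML = """\
<Server port="8005" shutdown="SHUTDOWN">
  <Service name="Catalina">
    <Connector port="8080" protocol="HTTP/1.1"/>
    <Connector port="8009" protocol="AJP/1.3" address="0.0.0.0" requiredSecret="sample"/>
    <Connector port="8010" protocol="AJP/1.3"/>
    <Connector port="8011" protocol="AJP/1.3" address="127.0.0.1" secret="sample"/>
  </Service>
</Server>
"""

def is_loopback(address):
    """True for localhost or a loopback IP literal; other hostnames count as exposed."""
    if address.lower() == "localhost":
        return True
    try:
        return ipaddress.ip_address(address).is_loopback
    except ValueError:
        return False

def audit_ajp_connectors(server_xml):
    """Return (port, issue) pairs for AJP connectors affected by the attribute changes."""
    findings = []
    for conn in ET.fromstring(server_xml).iter("Connector"):
        if "ajp" not in conn.get("protocol", "HTTP/1.1").lower():
            continue  # HTTP connectors are not affected by the AJP changes
        port = conn.get("port", "?")
        if conn.get("requiredSecret") is not None:
            findings.append((port, "legacy-requiredSecret"))  # renamed to secret
        elif conn.get("secret") is None:
            findings.append((port, "no-secret"))
        address = conn.get("address")
        # No address attribute means the new loopback default applies.
        if address is not None and not is_loopback(address):
            findings.append((port, "non-loopback-address"))
    return findings

if __name__ == "__main__":
    # Pass a path such as /etc/tomcat9/server.xml (assumed location), or run on the sample.
    data = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else SAMPLE_SERVER_XML
    for port, issue in audit_ajp_connectors(data):
        print(f"AJP connector on port {port}: {issue}")
```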