Advisory: CLSA-2023:1691083477
OS: Ubuntu 18.04 ELS
Public date: 2023-08-03 13:24:39
Project: tomcat8
Version: 8.5.39-1ubuntu1~18.04.3+tuxcare.els4
Errata link: https://errata.cloudlinux.com/ubuntu18-els/CLSA-2023-1691083477.html
* SECURITY UPDATE: Remote Code Execution via session persistence - debian/patches/CVE-2020-9484.patch: Improve validation of storage location when using FileStore. - CVE-2020-9484 * SECURITY UPDATE: Fix for CVE-2020-9484 was incomplete - debian/patches/CVE-2021-25329-pre1.patch: Fix some edge cases where the docBase was not being set using a canonical path which in turn meant resource URLs were not being constructed as expected. - debian/patches/CVE-2021-25329.patch: Use java.nio.file.Path for consistent sub-directory checking. - CVE-2021-25329 * SECURITY UPDATE: Local Privilege Escalation - debian/patches/CVE-2022-23181.patch: Make calculation of session storage location more robust. - CVE-2022-23181 * Update the expired test certificates: - debian/test_certs/*.pem|*.jks: Take the last test certificates from the upstream branch 8.5.x. - debian/source/include-binaries: Specifying the binary *.jks files to prevent build failures. - debian/rules: Before the testing stage, the old certificates in the source code are replaced with the new ones from debian/test_certs.
Update command: apt-get update apt-get --only-upgrade install tomcat8*
libtomcat8-embed-java_8.5.39-1ubuntu1~18.04.3+tuxcare.els4_all.deb libtomcat8-java_8.5.39-1ubuntu1~18.04.3+tuxcare.els4_all.deb tomcat8_8.5.39-1ubuntu1~18.04.3+tuxcare.els4_all.deb tomcat8-admin_8.5.39-1ubuntu1~18.04.3+tuxcare.els4_all.deb tomcat8-common_8.5.39-1ubuntu1~18.04.3+tuxcare.els4_all.deb tomcat8-docs_8.5.39-1ubuntu1~18.04.3+tuxcare.els4_all.deb tomcat8-examples_8.5.39-1ubuntu1~18.04.3+tuxcare.els4_all.deb tomcat8-user_8.5.39-1ubuntu1~18.04.3+tuxcare.els4_all.deb