Advisory: CLSA-2024:1724260496
OS: Ubuntu 16.04 ELS
Public date: 2024-08-21 13:14:59
Project: tomcat8
Version: 8.0.32-1ubuntu1.13+tuxcare.els1
Errata link: https://errata.tuxcare.com/els_os/ubuntu16.04els/CLSA-2024-1724260496.html
* SECURITY UPDATE: still vulnerable to CVE-2020-9484 with a configuration edge case - debian/patches/CVE-2021-25329.patch: use java.nio.file.Path for consistent sub-directory checking - CVE-2021-25329 * SECURITY UPDATE: time-of-check to time-of-use vulnerability introduced by the CVE-2020-9484 fix - debian/patches/CVE-2022-23181.patch: make calculation of session storage location more robust - CVE-2022-23181 * Internal tests: - debian/rules: fail the build if some of the tests have failed - debian/patches/skipping-tests-incompatible-with-firewall.patch: backport from ubuntu18 els - debian/patches/dont-test-unsupported-ciphers.patch: skip testing of unsupported ciphers - debian/patches/skip-tests-error-and-unstable.patch: skip tests that fail with error and unstable ones
Update command: apt-get update apt-get --only-upgrade install tomcat8*
libservlet3.1-java_8.0.32-1ubuntu1.13+tuxcare.els1_all.deb libservlet3.1-java-doc_8.0.32-1ubuntu1.13+tuxcare.els1_all.deb libtomcat8-java_8.0.32-1ubuntu1.13+tuxcare.els1_all.deb tomcat8_8.0.32-1ubuntu1.13+tuxcare.els1_all.deb tomcat8-admin_8.0.32-1ubuntu1.13+tuxcare.els1_all.deb tomcat8-common_8.0.32-1ubuntu1.13+tuxcare.els1_all.deb tomcat8-docs_8.0.32-1ubuntu1.13+tuxcare.els1_all.deb tomcat8-examples_8.0.32-1ubuntu1.13+tuxcare.els1_all.deb tomcat8-user_8.0.32-1ubuntu1.13+tuxcare.els1_all.deb