tomcat5-5.5.23-0jpp.9.0.1.AXS3

エラータID: AXSA:2010-401:01

Release date: 
Friday, August 6, 2010 - 15:09
Subject: 
tomcat5-5.5.23-0jpp.9.0.1.AXS3
Affected Channels: 
Asianux Server 3 for x86_64
Asianux Server 3 for x86
Severity: 
High
Description: 

Tomcat is developed in an open and participatory environment and released under the Apache Software License. Tomcat is intended to be a collaboration of the best-of-breed developers from around the world. We invite you to participate in this open development project. To learn more about getting involved, click here.
Security issues fixed with this release:
CVE-2009-2693
Directory traversal vulnerability in Apache Tomcat 5.5.0 through 5.5.28 and 6.0.0 through 6.0.20 allows remote attackers to create or overwrite arbitrary files via a .. (dot dot) in an entry in a WAR file, as demonstrated by a ../../bin/catalina.bat entry.
CVE-2009-2696
No information available at the time of writing, see the links below.
CVE-2009-2902
Directory traversal vulnerability in Apache Tomcat 5.5.0 through 5.5.28 and 6.0.0 through 6.0.20 allows remote attackers to delete work-directory files via directory traversal sequences in a WAR filename, as demonstrated by the ...war filename.
CVE-2010-2227
Apache Tomcat 5.5.0 through 5.5.29, 6.0.0 through 6.0.27, and 7.0.0 beta does not properly handle an invalid Transfer-Encoding header, which allows remote attackers to cause a denial of service (application outage) or obtain sensitive information via a crafted header that interferes with recycling of a buffer.
1564,Archive::Tar provides an object oriented mechanism for handling tar files. It provides class methods for quick and easy files handling while also allowing for the creation of tar file objects for custom manipulation. If you have the IO::Zlib module installed

Solution: 

Update packages.

CVEs: 
CVE-2009-2693
Directory traversal vulnerability in Apache Tomcat 5.5.0 through 5.5.28 and 6.0.0 through 6.0.20 allows remote attackers to create or overwrite arbitrary files via a .. (dot dot) in an entry in a WAR file, as demonstrated by a ../../bin/catalina.bat entry.
CVE-2009-2696
Cross-site scripting (XSS) vulnerability in jsp/cal/cal2.jsp in the calendar application in the examples web application in Apache Tomcat on Red Hat Enterprise Linux 5, Desktop Workstation 5, and Linux Desktop 5 allows remote attackers to inject arbitrary web script or HTML via the time parameter, related to "invalid HTML." NOTE: this is due to a missing fix for CVE-2009-0781.
CVE-2009-2902
Directory traversal vulnerability in Apache Tomcat 5.5.0 through 5.5.28 and 6.0.0 through 6.0.20 allows remote attackers to delete work-directory files via directory traversal sequences in a WAR filename, as demonstrated by the ...war filename.
CVE-2010-2227
Apache Tomcat 5.5.0 through 5.5.29, 6.0.0 through 6.0.27, and 7.0.0 beta does not properly handle an invalid Transfer-Encoding header, which allows remote attackers to cause a denial of service (application outage) or obtain sensitive information via a crafted header that interferes with "recycling of a buffer."


Additional Info: 

N/A

Download: 

SRPMS
  1. tomcat5-5.5.23-0jpp.9.0.1.AXS3.src.rpm
    MD5: 61726dc494dd04af3ea1e7a92e9d0eb7
    SHA-256: 1cc8617a449bd7180e9374427af1cf1aebb5e79c814f8d99898d47cfdc13223a
    Size: 4.73 MB

Asianux Server 3 for x86
  1. tomcat5-5.5.23-0jpp.9.0.1.AXS3.i386.rpm
    MD5: f6211a90675ac2e072ed394405a32fc1
    SHA-256: 6afbbf0995dbe8e82523bde3f0f4218f4b190da18e31d5e3c916586ad268bcde
    Size: 341.13 kB
  2. tomcat5-admin-webapps-5.5.23-0jpp.9.0.1.AXS3.i386.rpm
    MD5: 6d3da4eb4e8cf2cb2e1d9ef091e4d04c
    SHA-256: dc0e251262135a9bf75f90fa5dc7dd4ded78bbe49eb80a788088cd55e8c72ed5
    Size: 3.02 MB
  3. tomcat5-common-lib-5.5.23-0jpp.9.0.1.AXS3.i386.rpm
    MD5: d3b9b0f7fa2057136c74082c9b5303ac
    SHA-256: 5cbd3ad7f668d34d987d9d5d67940dbd6f9b77d2c0c0a9c1c21545735113c5c8
    Size: 199.76 kB
  4. tomcat5-jasper-5.5.23-0jpp.9.0.1.AXS3.i386.rpm
    MD5: dadeb4ef7c25c09a82febf26b2013440
    SHA-256: a45e8a7dd2650b8c923347a8d3147ed3b0ad054382ffbb3ce7c589f20f47eda5
    Size: 0.96 MB
  5. tomcat5-jasper-javadoc-5.5.23-0jpp.9.0.1.AXS3.i386.rpm
    MD5: 6bf85aa99fd60f3a37fad7b453e35c30
    SHA-256: 4e46ad09959304308adaf198d614fcec96a9e11222435bd5e5fca8987be18729
    Size: 280.85 kB
  6. tomcat5-jsp-2.0-api-5.5.23-0jpp.9.0.1.AXS3.i386.rpm
    MD5: ec0f5852636dd4ae9ba5800a97e8a6f7
    SHA-256: 0b7e75c95119ea6b61551aafc9cc48e867fb405446cab81ae7ae447696880d3d
    Size: 96.35 kB
  7. tomcat5-jsp-2.0-api-javadoc-5.5.23-0jpp.9.0.1.AXS3.i386.rpm
    MD5: 69a5d8c5a7f9ab9f2b95dadb15f200d0
    SHA-256: e1b1fe6b9fd6acdf370c48e785442e0eb19443acf6a4611e147344a592774b91
    Size: 148.69 kB
  8. tomcat5-server-lib-5.5.23-0jpp.9.0.1.AXS3.i386.rpm
    MD5: c87125b3829d4ebdf387f240db0dfc43
    SHA-256: ff4c76468c7be1c604c827da168fdfdc14c14d544586b110f2e69441a35d2ee6
    Size: 3.59 MB
  9. tomcat5-servlet-2.4-api-5.5.23-0jpp.9.0.1.AXS3.i386.rpm
    MD5: 63be29c3b29e742382fd523141876018
    SHA-256: a7e9475c13f8489283ca42764b164af2bb4811aa93ef01653abc98e3d1272b10
    Size: 153.23 kB
  10. tomcat5-servlet-2.4-api-javadoc-5.5.23-0jpp.9.0.1.AXS3.i386.rpm
    MD5: cca82c0050a86e7310e7f46186312bc9
    SHA-256: a37719e145bc7f02aca85b04e7d3e402a62173894c1135cedc7b6c08e8cd0b04
    Size: 153.89 kB
  11. tomcat5-webapps-5.5.23-0jpp.9.0.1.AXS3.i386.rpm
    MD5: a9305e026d1400af8bf596bb0ee8b325
    SHA-256: 9a71127c56d0d08b3de4635ba9308a58e27b98da68a60a99f3296b73625fece9
    Size: 1.24 MB

Asianux Server 3 for x86_64
  1. tomcat5-5.5.23-0jpp.9.0.1.AXS3.x86_64.rpm
    MD5: ed9f4381bd0f317683081a15a1de7a2d
    SHA-256: 8860d805765b29a73934659c2054e84cf9ebdf4e5d74386ccade55624d2ca9bd
    Size: 363.36 kB
  2. tomcat5-admin-webapps-5.5.23-0jpp.9.0.1.AXS3.x86_64.rpm
    MD5: 5237af3b7e2ad5c499bb32d9e0e39f12
    SHA-256: c0960bc4607b8e6bac31924ecacaf1dded749175c2e5795daedaf2cdc5107835
    Size: 3.44 MB
  3. tomcat5-common-lib-5.5.23-0jpp.9.0.1.AXS3.x86_64.rpm
    MD5: f882e690c1cf8bc88d395ad929d1e63a
    SHA-256: d9d59a292c8e14ef73f782c07660b1220b74c03fe2493ddacfb1f3b23c37cb40
    Size: 224.09 kB
  4. tomcat5-jasper-5.5.23-0jpp.9.0.1.AXS3.x86_64.rpm
    MD5: a0b3311005d3bbfac7f2c019c19ff886
    SHA-256: c912ce3547ca2b6cdd1096a3bb2f5b0b57c7d00f727d53e29658663c429a23d3
    Size: 1.09 MB
  5. tomcat5-jasper-javadoc-5.5.23-0jpp.9.0.1.AXS3.x86_64.rpm
    MD5: 45cc10201db4ee33a999246eda77faf3
    SHA-256: 0915e4cc9e3aa9c88b5b3f636a208de685b4db4f04c94783e4547f9f586f2f89
    Size: 280.67 kB
  6. tomcat5-jsp-2.0-api-5.5.23-0jpp.9.0.1.AXS3.x86_64.rpm
    MD5: 646e343ac6e178045cc420a1a1d06bc3
    SHA-256: 26ca671bfcd3d2ca877bcbb2515f2d04ba292ceeb75b7aaac7ac0fda164f7ad2
    Size: 102.66 kB
  7. tomcat5-jsp-2.0-api-javadoc-5.5.23-0jpp.9.0.1.AXS3.x86_64.rpm
    MD5: 32a8f5b4ebafecf3e165955d118850a6
    SHA-256: 9e0351f3da03480bf7b71e7fefa57edbd947028944ef7315f15c9d9f4777d76b
    Size: 148.53 kB
  8. tomcat5-server-lib-5.5.23-0jpp.9.0.1.AXS3.x86_64.rpm
    MD5: 749117b69f741a8a3ede2e218262eee8
    SHA-256: efb1bee2b326c74454a354663bc27526515365c6bf0f2698b03a5e525c215821
    Size: 4.06 MB
  9. tomcat5-servlet-2.4-api-5.5.23-0jpp.9.0.1.AXS3.x86_64.rpm
    MD5: e50aa01f888f9f172866ab47b32cf001
    SHA-256: d96785a93092e1b82576212bb94cd05f82c0fdf363ccaa9d67285cc742aed227
    Size: 162.57 kB
  10. tomcat5-servlet-2.4-api-javadoc-5.5.23-0jpp.9.0.1.AXS3.x86_64.rpm
    MD5: 3d85512510d35aa55e319bb4dab4b0ab
    SHA-256: 74d364ba6344d5c7c593f158b06b7931e1b9f2f69993d3bdf65a21ddea1fa38b
    Size: 153.74 kB
  11. tomcat5-webapps-5.5.23-0jpp.9.0.1.AXS3.x86_64.rpm
    MD5: 20c3031ad2f6e7fe3b98918cfb7a42f1
    SHA-256: 61a082fa51d98c6cd970b690dd62d6a94c6606921c11a756087cc82c659fa09b
    Size: 1.24 MB