tomcat-7.0.76-16.0.1.el7.AXS7

エラータID: AXSA:2024-8731:12

Release date: 
Thursday, August 29, 2024 - 15:07
Subject: 
tomcat-7.0.76-16.0.1.el7.AXS7
Affected Channels: 
Asianux Server 7 for x86_64
Severity: 
High
Description: 

Tomcat is the servlet container that is used in the official Reference
Implementation for the Java Servlet and JavaServer Pages technologies. The Java
Servlet and JavaServer Pages specifications are developed by Sun under the Java
Community Process.

Tomcat is developed in an open and participatory environment and released under
the Apache Software License version 2.0. Tomcat is intended to be a
collaboration of the best-of-breed developers from around the world.

Security Fix(es):

* Fix file path bug introduced by the CVE-2021-25329 fix

CVE(s):
CVE-2021-25329
The fix for CVE-2020-9484 was incomplete. When using Apache Tomcat 10.0.0-M1 to 10.0.0, 9.0.0.M1 to 9.0.41, 8.5.0 to 8.5.61 or 7.0.0. to 7.0.107 with a configuration edge case that was highly unlikely to be used, the Tomcat instance was still vulnerable to CVE-2020-9494. Note that both the previously published prerequisites for CVE-2020-9484 and the previously published mitigations for CVE-2020-9484 also apply to this issue.

Solution: 

Update packages.

CVEs: 
CVE-2021-25329
The fix for CVE-2020-9484 was incomplete. When using Apache Tomcat 10.0.0-M1 to 10.0.0, 9.0.0.M1 to 9.0.41, 8.5.0 to 8.5.61 or 7.0.0. to 7.0.107 with a configuration edge case that was highly unlikely to be used, the Tomcat instance was still vulnerable to CVE-2020-9494. Note that both the previously published prerequisites for CVE-2020-9484 and the previously published mitigations for CVE-2020-9484 also apply to this issue.
Additional Info: 

N/A

Download: 

Asianux Server 7 for x86_64
  1. tomcat-7.0.76-16.0.1.el7.AXS7.noarch.rpm
    MD5: a0bd6751811ab70ad977b0709a26a421
    SHA-256: 5e15450c9d3fb7ce7a705e05fab1d1837ba1d12b1e07bd0398b9a8168086b079
    Size: 92.79 kB
  2. tomcat-admin-webapps-7.0.76-16.0.1.el7.AXS7.noarch.rpm
    MD5: e655d022e36baa73758ea4c9cf309049
    SHA-256: d04f84cdb1f1b4c4641cd78478b67df48de4342d0b92a878a7e5da1d078146e5
    Size: 40.93 kB
  3. tomcat-el-2.2-api-7.0.76-16.0.1.el7.AXS7.noarch.rpm
    MD5: 0d910768c8bca7e58cd31984056eee2e
    SHA-256: 311fac52b2c2c55cbf120e2c22e249491ca19369e850683f25d02de9992264f5
    Size: 82.14 kB
  4. tomcat-jsp-2.2-api-7.0.76-16.0.1.el7.AXS7.noarch.rpm
    MD5: 33a5007d2bc3e5ff057c439fe4b4b0f5
    SHA-256: bf668e49acc65ff45080f2b74338fe3d850e8aa5390803cbe217ee526dcba177
    Size: 95.86 kB
  5. tomcat-lib-7.0.76-16.0.1.el7.AXS7.noarch.rpm
    MD5: 68d46c2a2f7ce00fec91dfdb152b12ac
    SHA-256: d2b4bc2e3ab6b0468907be48b8c2f2f1932c02b9636216f783333e771bb27d52
    Size: 3.87 MB
  6. tomcat-servlet-3.0-api-7.0.76-16.0.1.el7.AXS7.noarch.rpm
    MD5: 2116051f81f6dfac5031aa536bd5156e
    SHA-256: 0f72e2fcd12274d3f6c881a7ba6003c636507733bfbf9a1cc131235e0da9573e
    Size: 213.21 kB
  7. tomcat-webapps-7.0.76-16.0.1.el7.AXS7.noarch.rpm
    MD5: c5c9a523a25df2955173708771a110f1
    SHA-256: a3681fa80cb917255bd05760925a821a65f5b839b7a2dac19b03cb1e1d755dcc
    Size: 341.93 kB