tomcat6-6.0.24-55.AXS4
エラータID: AXSA:2013-467:03
リリース日:
2013/06/07 Friday - 12:37
題名:
tomcat6-6.0.24-55.AXS4
影響のあるチャネル:
Asianux Server 4 for ppc
Asianux Server 4 for x86_64
Asianux Server 4 for x86
Severity:
High
Description:
以下項目について対処しました。
[Security Fix]
- 現時点では CVE-2013-1976,CVE-2013-2051 の情報が公開されておりません。
CVE の情報が公開され次第情報をアップデートいたします。
一部CVEの翻訳文はJVNからの引用になります。
http://jvndb.jvn.jp/
解決策:
パッケージをアップデートしてください。
CVE:
CVE-2013-1976
The (1) tomcat5, (2) tomcat6, and (3) tomcat7 init scripts, as used in the RPM distribution of Tomcat for JBoss Enterprise Web Server 1.0.2 and 2.0.0, and Red Hat Enterprise Linux 5 and 6, allow local users to change the ownership of arbitrary files via a symlink attack on (a) tomcat5-initd.log, (b) tomcat6-initd.log, (c) catalina.out, or (d) tomcat7-initd.log.
The (1) tomcat5, (2) tomcat6, and (3) tomcat7 init scripts, as used in the RPM distribution of Tomcat for JBoss Enterprise Web Server 1.0.2 and 2.0.0, and Red Hat Enterprise Linux 5 and 6, allow local users to change the ownership of arbitrary files via a symlink attack on (a) tomcat5-initd.log, (b) tomcat6-initd.log, (c) catalina.out, or (d) tomcat7-initd.log.
CVE-2013-2051
The Tomcat 6 DIGEST authentication functionality as used in Red Hat Enterprise Linux 6 allows remote attackers to bypass intended access restrictions by performing a replay attack after a nonce becomes stale. NOTE: this issue is due to an incomplete fix for CVE-2012-5887.
The Tomcat 6 DIGEST authentication functionality as used in Red Hat Enterprise Linux 6 allows remote attackers to bypass intended access restrictions by performing a replay attack after a nonce becomes stale. NOTE: this issue is due to an incomplete fix for CVE-2012-5887.
追加情報:
N/A
ダウンロード:
SRPMS
- tomcat6-6.0.24-55.AXS4.src.rpm
MD5: 96bf0f2a5dea7bd180c936c77571a778
SHA-256: 7fcaef3077bfdc83402db32f26059f29d449d5ac63a8e252ecd9b7df3aa8c7ac
Size: 3.36 MB
Asianux Server 4 for x86
- tomcat6-6.0.24-55.AXS4.noarch.rpm
MD5: 3b32a6cae4c9c06eb8c8380eaed98e0b
SHA-256: 996d95628801b946e6b1d15f5ae9ba7827e13ff013682396c386ee04e5dc643c
Size: 88.39 kB - tomcat6-jsp-2.1-api-6.0.24-55.AXS4.noarch.rpm
MD5: 1faa617c5c704e6567a0ba024a4f28a0
SHA-256: 6b5f771399817a559b48e6f7d5b91ad4e9dcf8d4019b60377ac7b7721aee9489
Size: 81.23 kB - tomcat6-el-2.1-api-6.0.24-55.AXS4.noarch.rpm
MD5: 4bd3d32a380d89f793ac928daf6f9917
SHA-256: 9b4fe37d8bdef7767dc73390a7079d44e6bde9d32501b6ebdba656352c5691c8
Size: 44.35 kB - tomcat6-lib-6.0.24-55.AXS4.noarch.rpm
MD5: 7890eddb2041f11b726c6c2ba14daa6c
SHA-256: 15b70d134709e5d20f893150aacb3fc4477feaa8ee2a92c1c8330432e1a0c24b
Size: 2.82 MB - tomcat6-servlet-2.5-api-6.0.24-55.AXS4.noarch.rpm
MD5: ee29e20bb7f51f3eca44ee00af936202
SHA-256: c573f8da6b36fa0041c6507f098c8b927d2e7a53a8e19e4ac177b2b691d061fc
Size: 95.12 kB
Asianux Server 4 for x86_64
- tomcat6-6.0.24-55.AXS4.noarch.rpm
MD5: 3b32a6cae4c9c06eb8c8380eaed98e0b
SHA-256: 996d95628801b946e6b1d15f5ae9ba7827e13ff013682396c386ee04e5dc643c
Size: 88.39 kB - tomcat6-jsp-2.1-api-6.0.24-55.AXS4.noarch.rpm
MD5: 1faa617c5c704e6567a0ba024a4f28a0
SHA-256: 6b5f771399817a559b48e6f7d5b91ad4e9dcf8d4019b60377ac7b7721aee9489
Size: 81.23 kB - tomcat6-el-2.1-api-6.0.24-55.AXS4.noarch.rpm
MD5: 4bd3d32a380d89f793ac928daf6f9917
SHA-256: 9b4fe37d8bdef7767dc73390a7079d44e6bde9d32501b6ebdba656352c5691c8
Size: 44.35 kB - tomcat6-lib-6.0.24-55.AXS4.noarch.rpm
MD5: 7890eddb2041f11b726c6c2ba14daa6c
SHA-256: 15b70d134709e5d20f893150aacb3fc4477feaa8ee2a92c1c8330432e1a0c24b
Size: 2.82 MB - tomcat6-servlet-2.5-api-6.0.24-55.AXS4.noarch.rpm
MD5: ee29e20bb7f51f3eca44ee00af936202
SHA-256: c573f8da6b36fa0041c6507f098c8b927d2e7a53a8e19e4ac177b2b691d061fc
Size: 95.12 kB