tomcat6-6.0.24-83.AXS4
エラータID: AXSA:2015-143:01
リリース日:
2015/05/22 Friday - 13:30
題名:
tomcat6-6.0.24-83.AXS4
影響のあるチャネル:
Asianux Server 4 for x86_64
Asianux Server 4 for x86
Severity:
Moderate
Description:
以下項目について対処しました。
[Security Fix]
- Apache Tomcat の java/org/apache/coyote/http11/filters/ChunkedInputFilter.java は,エラーが生じた後にデータの読み込みの続行を適切に処理しておらず,不正なチャンク形式転送コーディングを持つストリーミングデータによって,リモートの攻撃者が HTTP sumuggling 攻撃を行う,あるいはサービス拒否 (リソースの消費) を引き起こす脆弱性があります。(CVE-2014-0227)
[Bug Fix]
- tomcat6 init script が stop しようとして失敗した場合, tomcat プロセスを kill しようとせず,そのため tomcat が正しい再起動を妨げていた問題を修正しました。
解決策:
パッケージをアップデートしてください。
CVE:
CVE-2014-0227
java/org/apache/coyote/http11/filters/ChunkedInputFilter.java in Apache Tomcat 6.x before 6.0.42, 7.x before 7.0.55, and 8.x before 8.0.9 does not properly handle attempts to continue reading data after an error has occurred, which allows remote attackers to conduct HTTP request smuggling attacks or cause a denial of service (resource consumption) by streaming data with malformed chunked transfer coding.
java/org/apache/coyote/http11/filters/ChunkedInputFilter.java in Apache Tomcat 6.x before 6.0.42, 7.x before 7.0.55, and 8.x before 8.0.9 does not properly handle attempts to continue reading data after an error has occurred, which allows remote attackers to conduct HTTP request smuggling attacks or cause a denial of service (resource consumption) by streaming data with malformed chunked transfer coding.
追加情報:
N/A
ダウンロード:
SRPMS
- tomcat6-6.0.24-83.AXS4.src.rpm
MD5: 9afabd1bf25063c7d0dab07941e0169d
SHA-256: 63b74013a27c03792c31c596e5f7e3bbce74dfcade1a5b888470911e1d1f3529
Size: 3.57 MB
Asianux Server 4 for x86
- tomcat6-6.0.24-83.AXS4.i686.rpm
MD5: 8335b99453e37a5da06e7cb2a4ed3663
SHA-256: e93e22b4dd42c2f1975e2bea5b917f5d3a1361f56d7e353ca86aa99a8f2bff31
Size: 91.17 kB - tomcat6-el-2.1-api-6.0.24-83.AXS4.i686.rpm
MD5: 0e139f79d070f9d9e0f3cd588e693165
SHA-256: c085ed0dc2126222aa53f14dee56d4b0dc11ead622b6a5bfc162a2e8549b0b5e
Size: 46.74 kB - tomcat6-jsp-2.1-api-6.0.24-83.AXS4.i686.rpm
MD5: 2b5e028ade139793c0270172c98b0c1e
SHA-256: a767d67494a85e11fa9f42a1df99897fd37810f9d687128497cddea20be96ade
Size: 83.64 kB - tomcat6-lib-6.0.24-83.AXS4.i686.rpm
MD5: 187f0bc8eac090ddb0387a1c595b3fcb
SHA-256: c6284b0a8764f2c17c5d6d827aa65b84ef449b91678af6b48279c9013dedd3ba
Size: 2.90 MB - tomcat6-servlet-2.5-api-6.0.24-83.AXS4.i686.rpm
MD5: 05db0daffa8479774ef47e9984e9981d
SHA-256: 0923cf8a4e1a8e7d1887913c49a4545e3f8ebb1cea65f3b2b9a5aeafee303522
Size: 97.52 kB
Asianux Server 4 for x86_64
- tomcat6-6.0.24-83.AXS4.x86_64.rpm
MD5: 8e4cacc87a7649e39853b3fc70c5e2e0
SHA-256: 68c95d8e9727d567df957f3b933d2d5d53581023a2d3e5ccbec713125b890091
Size: 90.72 kB - tomcat6-el-2.1-api-6.0.24-83.AXS4.x86_64.rpm
MD5: 68cab77c83dc4c9c079c4e0e3b255cfd
SHA-256: 886a5a8f682a3e0c7829fa2619d7fe9392a7c80ecef35accb7018c27f7a9797c
Size: 46.29 kB - tomcat6-jsp-2.1-api-6.0.24-83.AXS4.x86_64.rpm
MD5: ea2353e58c00eb08931a8130d071b2e0
SHA-256: 06d0947413437041d3c5e2a9cc600c44f2cdf5e293659ae94e69c6a412e8377b
Size: 83.20 kB - tomcat6-lib-6.0.24-83.AXS4.x86_64.rpm
MD5: 71e3e7a2c0f62557a347f9ec9993fc7a
SHA-256: 6bd3d728636ace1f100fd480ed1857dd5231b6e1c4a1263b527b5247c6d00bd7
Size: 2.90 MB - tomcat6-servlet-2.5-api-6.0.24-83.AXS4.x86_64.rpm
MD5: 4393d67eb65d0a1d8280a98a69f22e19
SHA-256: 77f30e2ba00d1f7192551e359631ab433e26aa2afec00027d6b65555a139b3b5
Size: 97.08 kB