[CLSA-2023:1691083477] Fix CVE(s): CVE-2021-25329, CVE-2022-23181, CVE-2020-9484
Type:
security
Severity:
Important
Release date:
2023-08-03 17:24:42 UTC
Description:
  * SECURITY UPDATE: Remote Code Execution via session persistence
    - debian/patches/CVE-2020-9484.patch: Improve validation of storage location when using FileStore.
    - CVE-2020-9484
  * SECURITY UPDATE: Fix for CVE-2020-9484 was incomplete
    - debian/patches/CVE-2021-25329-pre1.patch: Fix some edge cases where the docBase was not being set using a canonical path which in turn meant resource URLs were not being constructed as expected.
    - debian/patches/CVE-2021-25329.patch: Use java.nio.file.Path for consistent sub-directory checking.
    - CVE-2021-25329
  * SECURITY UPDATE: Local Privilege Escalation
    - debian/patches/CVE-2022-23181.patch: Make calculation of session storage location more robust.
    - CVE-2022-23181
  * Update the expired test certificates:
    - debian/test_certs/*.pem|*.jks: Take the last test certificates from the upstream branch 8.5.x.
    - debian/source/include-binaries: Specifying the binary *.jks files to prevent build failures.
    - debian/rules: Before the testing stage, the old certificates in the source code are replaced with the new ones from debian/test_certs.
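The CVE-2021-25329 entry above names java.nio.file.Path as the basis for sub-directory checking. The following is an added example, not code from the patch or from Tomcat, showing in general why a path-aware containment check is more consistent than a string-prefix check. The class name, method names and directory paths are constructed for illustration.

```java
import java.nio.file.Path;
import java.nio.file.Paths;

public class SubdirCheck {

    // String-prefix check: compares characters, so a sibling directory whose
    // name merely begins with the base directory's name is accepted.
    static boolean insideByString(String baseDir, String candidate) {
        String base = Paths.get(baseDir).normalize().toString();
        String cand = Paths.get(candidate).normalize().toString();
        return cand.startsWith(base);
    }

    // Path-based check: Path.startsWith compares whole name elements, so
    // "sessions-other" is never treated as being inside "sessions".
    static boolean insideByPath(String baseDir, String candidate) {
        Path base = Paths.get(baseDir).normalize();
        Path cand = Paths.get(candidate).normalize();
        return cand.startsWith(base);
    }

    public static void main(String[] args) {
        // Constructed sample values; not taken from the advisory.
        String base = "/var/lib/app/sessions";
        String[] candidates = {
            "/var/lib/app/sessions/ABC123.session",              // inside the base
            "/var/lib/app/sessions/../sessions-other/x.session", // resolves to a sibling
            "/var/lib/app/sessions-other/x.session",             // sibling sharing a prefix
            "/var/lib/app/sessions/../../etc/x.session"          // resolves outside the tree
        };
        for (String c : candidates) {
            System.out.printf("%-52s string=%-5b path=%b%n",
                    c, insideByString(base, c), insideByPath(base, c));
        }
        // normalize() is purely lexical and does not resolve symbolic links.
        // A production check would compare canonical or real paths
        // (File.getCanonicalFile().toPath() or Path.toRealPath()) instead.
    }
}
```

The two checks disagree only on the candidates that resolve to the sibling directory, which is the inconsistency a path-element comparison removes.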
Updated packages:
  • libtomcat8-embed-java_8.5.39-1ubuntu1~18.04.3+tuxcare.els4_all.deb
    sha:5d4169a0cc215f043df7696db67a4e220d60de6b
  • libtomcat8-java_8.5.39-1ubuntu1~18.04.3+tuxcare.els4_all.deb
    sha:e90a927114784c07c0e7af54b1a206c51308b4fd
  • tomcat8_8.5.39-1ubuntu1~18.04.3+tuxcare.els4_all.deb
    sha:d8c7bf5011e1280604ecec00369b3908b9c9aa3f
  • tomcat8-admin_8.5.39-1ubuntu1~18.04.3+tuxcare.els4_all.deb
    sha:746f3b9bf247758558de488c131283514a89459d
  • tomcat8-common_8.5.39-1ubuntu1~18.04.3+tuxcare.els4_all.deb
    sha:e6bddbab545822b6ea3a73575911346d89b61e66
  • tomcat8-docs_8.5.39-1ubuntu1~18.04.3+tuxcare.els4_all.deb
    sha:6f76d425a2d6adef8fa6ea4661a118306065439a
  • tomcat8-examples_8.5.39-1ubuntu1~18.04.3+tuxcare.els4_all.deb
    sha:d450d12f92fa1b4758004fe51e3f13bfcf6971d9
  • tomcat8-user_8.5.39-1ubuntu1~18.04.3+tuxcare.els4_all.deb
    sha:6ff11c5a8e12831397c829a0ce355c9883a0297f
Notes:
This page is generated automatically and has not been checked for errors. For clarification or corrections please contact the CloudLinux Packaging Team.