Package "tomcat9-common"

Name: tomcat9-common


Apache Tomcat 9 - Servlet and JSP engine -- common files

Latest version: 9.0.16-3ubuntu0.18.04.1
Release: bionic (18.04)
Level: security
Repository: universe
Head package: tomcat9
Homepage: http://tomcat.apache.org


Download "tomcat9-common"

Other versions of "tomcat9-common" in Bionic

Repository Area Version
updates universe 9.0.16-3ubuntu0.18.04.1


Version: 9.0.16-3ubuntu0.18.04.1 2019-09-18 15:06:23 UTC

  tomcat9 (9.0.16-3ubuntu0.18.04.1) bionic-security; urgency=medium

  * SECURITY UPDATE: XSS attack on SSI printenv command
    - debian/patches/CVE-2019-0221.patch: escape debug output to aid
    - CVE-2019-0221
  * SECURITY UPDATE: DoS via thread exhaustion
    - debian/patches/CVE-2019-10072-1.patch: expand HTTP/2 timeout
      handling to connection window exhaustion on write.
    - debian/patches/CVE-2019-10072-2.patch: Fix test failures. Handle
      full allocation case.
    - CVE-2019-10072

 -- Emilia Torino <email address hidden> Wed, 11 Sep 2019 16:47:51 -0300

Source diff to previous version
CVE-2019-0221 The SSI printenv command in Apache Tomcat 9.0.0.M1 to, 8.5.0 to 8.5.39 and 7.0.0 to 7.0.93 echoes user provided data without escaping and is
CVE-2019-10072 The fix for CVE-2019-0199 was incomplete and did not address HTTP/2 connection window exhaustion on write in Apache Tomcat versions 9.0.0.M1 to 9.0.1

Version: 9.0.16-3~18.04.1 2019-04-16 18:07:07 UTC

  tomcat9 (9.0.16-3~18.04.1) bionic; urgency=medium

  * Don't set nologin shell in sysusers.d/tomcat9.conf
    It is the default anyway and systemd-sysusers in 18.04 can't parse it.
    (LP: #1823125)

1823125 tomcat9 fails to install in 18.04

About   -   Send Feedback to @ubuntu_updates