Package "tomcat9"

Name: tomcat9


Apache Tomcat 9 - Servlet and JSP engine

Latest version: 9.0.16-3ubuntu0.18.04.1
Release: bionic (18.04)
Level: updates
Repository: universe
Homepage: http://tomcat.apache.org


Download "tomcat9"

Other versions of "tomcat9" in Bionic

Repository Area Version
security universe 9.0.16-3ubuntu0.18.04.1

Packages in group

Deleted packages are displayed in grey.


Version: 9.0.16-3ubuntu0.18.04.1 2019-09-18 17:06:57 UTC

  tomcat9 (9.0.16-3ubuntu0.18.04.1) bionic-security; urgency=medium

  * SECURITY UPDATE: XSS attack on SSI printenv command
    - debian/patches/CVE-2019-0221.patch: escape debug output to aid
    - CVE-2019-0221
  * SECURITY UPDATE: DoS via thread exhaustion
    - debian/patches/CVE-2019-10072-1.patch: expand HTTP/2 timeout
      handling to connection window exhaustion on write.
    - debian/patches/CVE-2019-10072-2.patch: Fix test failures. Handle
      full allocation case.
    - CVE-2019-10072

 -- Emilia Torino <email address hidden> Wed, 11 Sep 2019 16:47:51 -0300

Source diff to previous version
CVE-2019-0221 The SSI printenv command in Apache Tomcat 9.0.0.M1 to, 8.5.0 to 8.5.39 and 7.0.0 to 7.0.93 echoes user provided data without escaping and is
CVE-2019-10072 The fix for CVE-2019-0199 was incomplete and did not address HTTP/2 connection window exhaustion on write in Apache Tomcat versions 9.0.0.M1 to 9.0.1

Version: 9.0.16-3~18.04.1 2019-04-16 18:07:20 UTC

  tomcat9 (9.0.16-3~18.04.1) bionic; urgency=medium

  * Don't set nologin shell in sysusers.d/tomcat9.conf
    It is the default anyway and systemd-sysusers in 18.04 can't parse it.
    (LP: #1823125)

1823125 tomcat9 fails to install in 18.04

About   -   Send Feedback to @ubuntu_updates