UbuntuUpdates.org

Package "tomcat9"

Name: tomcat9

Description:

Apache Tomcat 9 - Servlet and JSP engine

Latest version: 9.0.16-3ubuntu0.19.04.1
Release: disco (19.04)
Level: security
Repository: universe
Homepage: http://tomcat.apache.org

Links

Save this URL for the latest version of "tomcat9": https://www.ubuntuupdates.org/tomcat9


Download "tomcat9"


Other versions of "tomcat9" in Disco

Repository Area Version
base universe 9.0.16-3
updates universe 9.0.16-3ubuntu0.19.04.1

Packages in group

Deleted packages are displayed in grey.


Changelog

Version: 9.0.16-3ubuntu0.19.04.1 2019-09-18 15:06:28 UTC

  tomcat9 (9.0.16-3ubuntu0.19.04.1) disco-security; urgency=medium

  * SECURITY UPDATE: XSS attack on SSI printenv command
    - debian/patches/CVE-2019-0221.patch: escape debug output to aid
      readability
    - CVE-2019-0221
  * SECURITY UPDATE: DoS via thread exhaustion
    - debian/patches/CVE-2019-10072-1.patch: expand HTTP/2 timeout
      handling to connection window exhaustion on write.
    - debian/patches/CVE-2019-10072-2.patch: Fix test failures. Handle
      full allocation case.
    - CVE-2019-10072

 -- Emilia Torino <email address hidden> Wed, 11 Sep 2019 14:56:27 -0300

CVE-2019-0221 The SSI printenv command in Apache Tomcat 9.0.0.M1 to 9.0.0.17, 8.5.0 to 8.5.39 and 7.0.0 to 7.0.93 echoes user provided data without escaping and is
CVE-2019-10072 The fix for CVE-2019-0199 was incomplete and did not address HTTP/2 connection window exhaustion on write in Apache Tomcat versions 9.0.0.M1 to 9.0.1



About   -   Send Feedback to @ubuntu_updates