[USN-899-1] Tomcat vulnerabilities

By | 2010/02/11

The following security announcement applies to libtomcat6-java. If you have libtomcat6-java installed, please see below for details on the vulnerability and instructions on patching your system:

It was discovered that Tomcat did not correctly validate WAR filenames or
paths when deploying. A remote attacker could send a specially crafted WAR
file to be deployed and cause arbitrary files and directories to be
created, overwritten, or deleted.

The above security vulnerabilities apply to the following Ubuntu releases:

  • Ubuntu 8.10
  • Ubuntu 9.04
  • Ubuntu 9.10

If you are have this utility installed on your Ubuntu system you’ll need to apply the security update to be protected. Please follow the steps below to ensure your system is properly patched:

Apply Updates

To apply the updates run the following command(s) within your Terminal:

sudo aptitude update
sudo aptitude safe-upgrade

After a standard system upgrade you need to restart your session to effect the necessary changes.