[Bug 1455566] New: CVE-2014-9970 jasypt: Vulnerable to timing attack against the password hash comparison
by bugzilla@redhat.com
https://bugzilla.redhat.com/show_bug.cgi?id=1455566
Bug ID: 1455566
Summary: CVE-2014-9970 jasypt: Vulnerable to timing attack
against the password hash comparison
Product: Security Response
Component: vulnerability
Keywords: Security
Severity: medium
Priority: medium
Assignee: security-response-team(a)redhat.com
Reporter: anemec(a)redhat.com
It was found that jasypt before allows a timing attack against the password
hash comparison.
Upstream patch:
https://sourceforge.net/p/jasypt/code/668/
--
You are receiving this mail because:
You are on the CC list for the bug.
6 years, 2 months
[Bug 1542271] apache-commons-compress-1.16.1 is available
by bugzilla@redhat.com
https://bugzilla.redhat.com/show_bug.cgi?id=1542271
Michael Simacek <msimacek(a)redhat.com> changed:
What |Removed |Added
----------------------------------------------------------------------------
Status|ASSIGNED |CLOSED
Fixed In Version| |apache-commons-compress-1.16.1-1.fc28
Resolution|--- |RAWHIDE
Assignee|mizdebsk(a)redhat.com |msimacek(a)redhat.com
Last Closed| |2018-02-12 07:14:10
6 years, 2 months
[Bug 1528565] CVE-2017-17485 jackson-databind: Unsafe deserialization due to incomplete black list (incomplete fix for CVE-2017-15095)
by bugzilla@redhat.com
https://bugzilla.redhat.com/show_bug.cgi?id=1528565
Ondrej Soukup <osoukup(a)redhat.com> changed:
What |Removed |Added
----------------------------------------------------------------------------
Whiteboard|impact=important,public=201 |impact=important,public=201
|71212,reported=20171205,sou |71212,reported=20171206,sou
|rce=researcher,cvss3=8.1/CV |rce=researcher,cvss3=8.1/CV
|SS:3.0/AV:N/AC:H/PR:N/UI:N/ |SS:3.0/AV:N/AC:H/PR:N/UI:N/
|S:U/C:H/I:H/A:H,eap-6/reste |S:U/C:H/I:H/A:H,eap-6/reste
|asy=affected,fedora-all/jac |asy=affected,fedora-all/jac
|kson-databind=affected,jdg- |kson-databind=affected,jdg-
|7/jackson-databind=new,jon- |7/jackson-databind=new,jon-
|3/resteasy=notaffected,open |3/resteasy=notaffected,open
|shift-enterprise-2/jackson- |shift-enterprise-2/jackson-
|databind=new,dts-4/devtools |databind=new,dts-4/devtools
|et-4-jackson-databind=wontf |et-4-jackson-databind=wontf
|ix,rhev-m-3/jasperreports-s |ix,rhev-m-3/jasperreports-s
|erver-pro=wontfix,rhev-m-4/ |erver-pro=wontfix,rhev-m-4/
|eap7-jackson-databind=affec |eap7-jackson-databind=affec
|ted,amq-6/jackson-databind= |ted,amq-6/jackson-databind=
|notaffected,bpms-6/jackson- |notaffected,bpms-6/jackson-
|databind=notaffected,jdv-6/ |databind=notaffected,jdv-6/
|jackson-databind=notaffecte |jackson-databind=notaffecte
|d,fuse-6/jackson-databind=n |d,fuse-6/jackson-databind=n
|otaffected,rhmap-4/jackson- |otaffected,rhmap-4/jackson-
|databind=notaffected,rhn_sa |databind=notaffected,rhn_sa
|tellite_6/jackson-databind= |tellite_6/jackson-databind=
|new,rhscl-3/rh-eclipse46-ja |new,rhscl-3/rh-eclipse46-ja
|ckson-databind=affected,rhs |ckson-databind=affected,rhs
|cl-3/rh-maven35-jackson-dat |cl-3/rh-maven35-jackson-dat
|abind=affected,sam-1/jackso |abind=affected,sam-1/jackso
|n-databind=wontfix,eap-7/re |n-databind=wontfix,eap-7/re
|steasy=affected,brms-6/jack |steasy=affected,brms-6/jack
|son-databind=notaffected |son-databind=notaffected
6 years, 2 months
[Bug 1480618] New: CVE-2017-7674 tomcat: Cache Poisoning
by bugzilla@redhat.com
https://bugzilla.redhat.com/show_bug.cgi?id=1480618
Bug ID: 1480618
Summary: CVE-2017-7674 tomcat: Cache Poisoning
Product: Security Response
Component: vulnerability
Keywords: Security
Severity: medium
Priority: medium
Assignee: security-response-team(a)redhat.com
Reporter: amaris(a)redhat.com
The CORS Filter did not add an HTTP Vary header indicating that the response
varies depending on Origin. This permitted client and server side cache
poisoning in some circumstances.
Affected versions: 7.0.41 to 7.0.78, 8.0.0.RC1 to 8.0.44, 8.5.0 to 8.5.15
Upstream patches:
Tomcat 7: https://svn.apache.org/viewvc?view=revision&revision=1795816
Tomcat 8.0.x: https://svn.apache.org/viewvc?view=revision&revision=1795815
Tomcat 8.5.x: https://svn.apache.org/viewvc?view=revision&revision=1795814
External References:
https://tomcat.apache.org/security-7.html
https://tomcat.apache.org/security-8.html
6 years, 2 months
[Bug 1524585] New: CVE-2016-4216 xmpcore: XXE resulting in information disclosure
by bugzilla@redhat.com
https://bugzilla.redhat.com/show_bug.cgi?id=1524585
Bug ID: 1524585
Summary: CVE-2016-4216 xmpcore: XXE resulting in information
disclosure
Product: Security Response
Component: vulnerability
Keywords: Security
Severity: medium
Priority: medium
Assignee: security-response-team(a)redhat.com
Reporter: anemec(a)redhat.com
XMPCore in Adobe XMP Toolkit for Java before 5.1.3 allows remote attackers to
read arbitrary files via XML data containing an external entity declaration in
conjunction with an entity reference, related to an XML External Entity (XXE)
issue.
External References:
https://helpx.adobe.com/security/products/xmpcore/apsb16-24.html
6 years, 2 months
[Bug 1454808] New: CVE-2017-5637 zookeeper: Incorrect input validation with wchp/wchc four letter words
by bugzilla@redhat.com
https://bugzilla.redhat.com/show_bug.cgi?id=1454808
Bug ID: 1454808
Summary: CVE-2017-5637 zookeeper: Incorrect input validation
with wchp/wchc four letter words
Product: Security Response
Component: vulnerability
Keywords: Security
Severity: medium
Priority: medium
Assignee: security-response-team(a)redhat.com
Reporter: anemec(a)redhat.com
Two four letter word commands “wchp/wchc” are CPU intensive and could cause a
spike of CPU utilization on the ZooKeeper server if abused, which leads to the
server being unable to serve legitimate client requests.
Upstream issue:
https://issues.apache.org/jira/browse/ZOOKEEPER-2693
References:
https://vulners.com/exploitdb/EDB-ID:41277
6 years, 2 months
[Bug 1441223] New: CVE-2017-5648 tomcat: Calls to application listeners did not use the appropriate facade object
by bugzilla@redhat.com
https://bugzilla.redhat.com/show_bug.cgi?id=1441223
Bug ID: 1441223
Summary: CVE-2017-5648 tomcat: Calls to application listeners
did not use the appropriate facade object
Product: Security Response
Component: vulnerability
Keywords: Security
Severity: medium
Priority: medium
Assignee: security-response-team(a)redhat.com
Reporter: amaris(a)redhat.com
While investigating bug 60718, it was noticed that some calls to application
listeners did not use the appropriate facade object. When running an untrusted
application under a SecurityManager, it was therefore possible for that
untrusted application to retain a reference to the request or response object
and thereby access and/or modify information associated with another web
application.
Upstream fixes:
Tomcat 7.x:
https://svn.apache.org/viewvc?view=revision&revision=1785777
Tomcat 8.0.x:
https://svn.apache.org/viewvc?view=revision&revision=1785776
Tomcat 8.5.x:
https://svn.apache.org/viewvc?view=revision&revision=1785775
References:
https://tomcat.apache.org/security-7.html#Fixed_in_Apache_Tomcat_7.0.76
https://tomcat.apache.org/security-8.html#Fixed_in_Apache_Tomcat_8.0.42
https://tomcat.apache.org/security-8.html#Fixed_in_Apache_Tomcat_8.5.12
6 years, 2 months
[Bug 1441205] New: CVE-2017-5647 tomcat: Incorrect handling of pipelined requests when send file was used
by bugzilla@redhat.com
https://bugzilla.redhat.com/show_bug.cgi?id=1441205
Bug ID: 1441205
Summary: CVE-2017-5647 tomcat: Incorrect handling of pipelined
requests when send file was used
Product: Security Response
Component: vulnerability
Keywords: Security
Severity: medium
Priority: medium
Assignee: security-response-team(a)redhat.com
Reporter: amaris(a)redhat.com
A bug in the handling of the pipelined requests when send file was used
resulted in the pipelined request being lost when send file processing of the
previous request completed. This could result in responses appearing to be sent
for the wrong request. For example, a user agent that sent requests A, B and C
could see the correct response for request A, the response for request C for
request B and no response for request C.
Affected versions: 6.0.0 to 6.0.52, 7.0.0 to 7.0.76, 8.0.0.RC1 to 8.0.42
Fixed in revisions:
Tomcat 6:
https://svn.apache.org/viewvc?view=revision&revision=1789024
https://svn.apache.org/viewvc?view=revision&revision=1789155
https://svn.apache.org/viewvc?view=revision&revision=1789856
Tomcat 7:
https://svn.apache.org/viewvc?view=revision&revision=1789008
Tomcat 8:
https://svn.apache.org/viewvc?view=revision&revision=1788999
References:
https://tomcat.apache.org/security-6.html#Fixed_in_Apache_Tomcat_6.0.53
https://tomcat.apache.org/security-7.html#Fixed_in_Apache_Tomcat_7.0.77
https://tomcat.apache.org/security-8.html#Fixed_in_Apache_Tomcat_8.0.43
6 years, 2 months
[Bug 1397484] New: CVE-2016-6816 tomcat: HTTP Request smuggling vulnerability due to permitting invalid character in HTTP requests
by Red Hat Bugzilla
https://bugzilla.redhat.com/show_bug.cgi?id=1397484
Bug ID: 1397484
Summary: CVE-2016-6816 tomcat: HTTP Request smuggling
vulnerability due to permitting invalid character in
HTTP requests
Product: Security Response
Component: vulnerability
Keywords: Security
Severity: medium
Priority: medium
Assignee: security-response-team(a)redhat.com
Reporter: amaris(a)redhat.com
The code that parsed the HTTP request line permitted invalid characters. This
could be exploited, in conjunction with a proxy that also permitted the invalid
characters but with a different interpretation, to inject data into the HTTP
response. By manipulating the HTTP response the attacker could poison a
web-cache, perform an XSS attack and/or obtain sensitive information from
requests other than their own.
Affects: 6.0.0 to 6.0.47, 7.0.0 to 7.0.72, 8.0.0.RC1 to 8.0.38, 8.5.0 to 8.5.6
Upstream patches:
Tomcat 6.0.48: https://svn.apache.org/viewvc?view=rev&rev=1767683
Tomcat 7.0.73: http://svn.apache.org/viewvc?view=rev&rev=1767675
Tomcat 8.0.39: http://svn.apache.org/viewvc?view=rev&rev=1767653
Tomcat 8.5.8: http://svn.apache.org/viewvc?view=rev&rev=1767645
External References:
https://tomcat.apache.org/security-6.html#Fixed_in_Apache_Tomcat_6.0.48
https://tomcat.apache.org/security-7.html#Fixed_in_Apache_Tomcat_7.0.73
https://tomcat.apache.org/security-8.html#Fixed_in_Apache_Tomcat_8.0.39
https://tomcat.apache.org/security-8.html#Fixed_in_Apache_Tomcat_8.5.8
6 years, 2 months
[Bug 1376712] New: CVE-2016-1240 tomcat: Local privilege escalation via unsafe file handling in the Tomcat init script
by Red Hat Bugzilla
https://bugzilla.redhat.com/show_bug.cgi?id=1376712
Bug ID: 1376712
Summary: CVE-2016-1240 tomcat: Local privilege escalation via
unsafe file handling in the Tomcat init script
Product: Security Response
Component: vulnerability
Keywords: Security
Severity: high
Priority: high
Assignee: security-response-team(a)redhat.com
Reporter: anemec(a)redhat.com
It was reported that the Tomcat init script performed unsafe file handling,
which could result in local privilege escalation.
References:
http://seclists.org/bugtraq/2016/Sep/26
6 years, 2 months