Support / Security / Advisories / Mandriva Linux 2008.1 / MDVSA-2009:018

Package name: tomcat5
Date: 2009-01-16
Advisory ID: MDVSA-2009:018
Affected versions: 2008.1 x86_64 , 2008.1 i586

Problem description

Apache Tomcat does not properly handle certain characters in a cookie
value, which could possibly lead to the leak of sensitive information
such as session IDs (CVE-2007-5333).

The updated packages have been patched to prevent this issue.

Updated packages

2008.1 x86_64

 487e4d61d35d204ed3a6434153a41770  2008.1/x86_64/tomcat5-5.5.25-1.2.1.2mdv2008.1.x86_64.rpm
 cc1781c4ae7c9dac71866572fe48b771  2008.1/x86_64/tomcat5-admin-webapps-5.5.25-1.2.1.2mdv2008.1.x86_64.rpm
 b9835f802b0827a34fc99e4e959074b5  2008.1/x86_64/tomcat5-common-lib-5.5.25-1.2.1.2mdv2008.1.x86_64.rpm
 77d7e197b3ababc702bddf17d9442c45  2008.1/x86_64/tomcat5-jasper-5.5.25-1.2.1.2mdv2008.1.x86_64.rpm
 6cc1549ac8610acb83678eb2323b7525  2008.1/x86_64/tomcat5-jasper-eclipse-5.5.25-1.2.1.2mdv2008.1.x86_64.rpm
 082baa5fdbb552b7c519008cabeaf514  2008.1/x86_64/tomcat5-jasper-javadoc-5.5.25-1.2.1.2mdv2008.1.x86_64.rpm
 4637956ec02229c867448f3e5b026368  2008.1/x86_64/tomcat5-jsp-2.0-api-5.5.25-1.2.1.2mdv2008.1.x86_64.rpm
 0a6062f4039d2f76ae89911bb2ab5ac6  2008.1/x86_64/tomcat5-jsp-2.0-api-javadoc-5.5.25-1.2.1.2mdv2008.1.x86_64.rpm
 e70ddb331223b12255ea321b2c12de5b  2008.1/x86_64/tomcat5-server-lib-5.5.25-1.2.1.2mdv2008.1.x86_64.rpm
 d839046008950ac06d63b9b5389a2e36  2008.1/x86_64/tomcat5-servlet-2.4-api-5.5.25-1.2.1.2mdv2008.1.x86_64.rpm
 56cc4c6e421e81091e103d2d02bcdbc5  2008.1/x86_64/tomcat5-servlet-2.4-api-javadoc-5.5.25-1.2.1.2mdv2008.1.x86_64.rpm
 6a18fb4936f918294641fa63538aba13  2008.1/x86_64/tomcat5-webapps-5.5.25-1.2.1.2mdv2008.1.x86_64.rpm 
 0f53b8347922bd4df159fb7fe7685c4d  2008.1/SRPMS/tomcat5-5.5.25-1.2.1.2mdv2008.1.src.rpm

2008.1 i586

 990a9d6ffae7be5841f9a9073be4d0af  2008.1/i586/tomcat5-5.5.25-1.2.1.2mdv2008.1.i586.rpm
 223876925f17ef248c6ff17d4accb563  2008.1/i586/tomcat5-admin-webapps-5.5.25-1.2.1.2mdv2008.1.i586.rpm
 7436c767a849437fd50b7e79d1666097  2008.1/i586/tomcat5-common-lib-5.5.25-1.2.1.2mdv2008.1.i586.rpm
 7cd33808c56ceb9ddeab3d319a372114  2008.1/i586/tomcat5-jasper-5.5.25-1.2.1.2mdv2008.1.i586.rpm
 2e7f6a381670859429d071857f090fbe  2008.1/i586/tomcat5-jasper-eclipse-5.5.25-1.2.1.2mdv2008.1.i586.rpm
 3cc0b00b623ddaf17f139a21f10db64d  2008.1/i586/tomcat5-jasper-javadoc-5.5.25-1.2.1.2mdv2008.1.i586.rpm
 e872e87d9b621ba00bf08ce6ffd97834  2008.1/i586/tomcat5-jsp-2.0-api-5.5.25-1.2.1.2mdv2008.1.i586.rpm
 bf4dee3baeb2250edb0bcd6cd0f9d230  2008.1/i586/tomcat5-jsp-2.0-api-javadoc-5.5.25-1.2.1.2mdv2008.1.i586.rpm
 3355b29e70c1c9bcebcd682b65223d5f  2008.1/i586/tomcat5-server-lib-5.5.25-1.2.1.2mdv2008.1.i586.rpm
 b80984a00d8d52d56fe2a151254bb131  2008.1/i586/tomcat5-servlet-2.4-api-5.5.25-1.2.1.2mdv2008.1.i586.rpm
 2dfd81094518a497ede031ee151ef970  2008.1/i586/tomcat5-servlet-2.4-api-javadoc-5.5.25-1.2.1.2mdv2008.1.i586.rpm
 8c44749cd7df3d596fd5873a4cd34666  2008.1/i586/tomcat5-webapps-5.5.25-1.2.1.2mdv2008.1.i586.rpm 
 0f53b8347922bd4df159fb7fe7685c4d  2008.1/SRPMS/tomcat5-5.5.25-1.2.1.2mdv2008.1.src.rpm

References

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5333