Security Advisory Important: tomcat security update

Advisory: RHSA-2008:0648-10
Type: Security Advisory
Severity: Important
Issued on: 2008-08-27
Last updated on: 2008-08-27
Affected Products: RHEL Desktop Workstation (v. 5 client)
Red Hat Enterprise Linux (v. 5 server)
Red Hat Enterprise Linux Desktop (v. 5 client)
Red Hat Enterprise Linux EUS (v. 5.2.z server)
OVAL: com.redhat.rhsa-20080648.xml
CVEs (cve.mitre.org): CVE-2008-1232
CVE-2008-1947
CVE-2008-2370
CVE-2008-2938

Details

Updated tomcat packages that fix several security issues are now available
for Red Hat Enterprise Linux 5.

This update has been rated as having important security impact by the Red
Hat Security Response Team.

Apache Tomcat is a servlet container for the Java Servlet and JavaServer
Pages (JSP) technologies.

A cross-site scripting vulnerability was discovered in the
HttpServletResponse.sendError() method. A remote attacker could inject
arbitrary web script or HTML via forged HTTP headers. (CVE-2008-1232)

An additional cross-site scripting vulnerability was discovered in the host
manager application. A remote attacker could inject arbitrary web script or
HTML via the hostname parameter. (CVE-2008-1947)

A traversal vulnerability was discovered when using a RequestDispatcher
in combination with a servlet or JSP. A remote attacker could utilize a
specially-crafted request parameter to access protected web resources.
(CVE-2008-2370)

An additional traversal vulnerability was discovered when the
"allowLinking" and "URIEncoding" settings were activated. A remote attacker
could use a UTF-8-encoded request to extend their privileges and obtain
local files accessible to the Tomcat process. (CVE-2008-2938)
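
To check whether a host has the setting combination described for CVE-2008-2938, the following added example (not part of the original advisory and not Red Hat or Tomcat tooling) searches a Tomcat configuration directory for `allowLinking="true"` and `URIEncoding="UTF-8"`. The function names, return codes and the `/etc/tomcat5` path in the comments are assumptions for illustration.

```shell
#!/bin/sh
# Added example (not Red Hat's or the Tomcat project's tooling).
# Assumption: Tomcat configuration lives as *.xml under one directory,
# e.g. /etc/tomcat5 on RHEL 5; pass the real path for your install.

q="[\"']"   # either quote style around an XML attribute value

# find_attr DIR REGEX: print "file:line:text" for each match in DIR's *.xml
find_attr() {
    find "$1" -type f -name '*.xml' \
        -exec grep -niE "$2" /dev/null {} + 2>/dev/null || true
}

# audit_tomcat_conf DIR
#   return 0: neither setting present
#   return 1: only one of the two present
#   return 2: both present, the combination described for CVE-2008-2938
#   return 3: DIR is not a directory
# Matching is case-insensitive and does not parse XML, so a hit inside an
# XML comment is reported too; treat the output as a list to review by hand.
audit_tomcat_conf() {
    conf_dir=$1
    if [ ! -d "$conf_dir" ]; then
        echo "not a directory: $conf_dir" >&2
        return 3
    fi
    linking=$(find_attr "$conf_dir" "allowLinking[[:space:]]*=[[:space:]]*${q}true${q}")
    utf8=$(find_attr "$conf_dir" "URIEncoding[[:space:]]*=[[:space:]]*${q}utf-?8${q}")

    if [ -n "$linking" ]; then printf 'allowLinking enabled:\n%s\n' "$linking"; fi
    if [ -n "$utf8" ]; then printf 'UTF-8 URI decoding enabled:\n%s\n' "$utf8"; fi

    if [ -n "$linking" ] && [ -n "$utf8" ]; then
        return 2
    elif [ -n "$linking" ] || [ -n "$utf8" ]; then
        return 1
    fi
    return 0
}

# Run the audit when a directory is given on the command line.
if [ "$#" -gt 0 ]; then
    audit_tomcat_conf "$1"
fi
```

A return code of 2 marks a host to prioritise for this update; the package upgrade remains the fix in every case.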

Users of tomcat should upgrade to these updated packages, which contain
backported patches to resolve these issues.


Solution

Before applying this update, make sure that all previously-released
errata relevant to your system have been applied.

This update is available via Red Hat Network. Details on how to use
the Red Hat Network to apply this update are available at
http://kbase.redhat.com/faq/FAQ_58_10188

Updated packages

RHEL Desktop Workstation (v. 5 client)

File outdated by: RHSA-2009:1164 (all files in this list)

SRPMS:
tomcat5-5.5.23-0jpp.7.el5_2.1.src.rpm

IA-32:
tomcat5-5.5.23-0jpp.7.el5_2.1.i386.rpm
tomcat5-admin-webapps-5.5.23-0jpp.7.el5_2.1.i386.rpm
tomcat5-common-lib-5.5.23-0jpp.7.el5_2.1.i386.rpm
tomcat5-jasper-5.5.23-0jpp.7.el5_2.1.i386.rpm
tomcat5-jasper-javadoc-5.5.23-0jpp.7.el5_2.1.i386.rpm
tomcat5-jsp-2.0-api-javadoc-5.5.23-0jpp.7.el5_2.1.i386.rpm
tomcat5-server-lib-5.5.23-0jpp.7.el5_2.1.i386.rpm
tomcat5-servlet-2.4-api-javadoc-5.5.23-0jpp.7.el5_2.1.i386.rpm
tomcat5-webapps-5.5.23-0jpp.7.el5_2.1.i386.rpm

x86_64:
tomcat5-5.5.23-0jpp.7.el5_2.1.x86_64.rpm
tomcat5-admin-webapps-5.5.23-0jpp.7.el5_2.1.x86_64.rpm
tomcat5-common-lib-5.5.23-0jpp.7.el5_2.1.x86_64.rpm
tomcat5-jasper-5.5.23-0jpp.7.el5_2.1.x86_64.rpm
tomcat5-jasper-javadoc-5.5.23-0jpp.7.el5_2.1.x86_64.rpm
tomcat5-jsp-2.0-api-javadoc-5.5.23-0jpp.7.el5_2.1.x86_64.rpm
tomcat5-server-lib-5.5.23-0jpp.7.el5_2.1.x86_64.rpm
tomcat5-servlet-2.4-api-javadoc-5.5.23-0jpp.7.el5_2.1.x86_64.rpm
tomcat5-webapps-5.5.23-0jpp.7.el5_2.1.x86_64.rpm

Red Hat Enterprise Linux (v. 5 server)

File outdated by: RHSA-2009:1164 (all files in this list)

SRPMS:
tomcat5-5.5.23-0jpp.7.el5_2.1.src.rpm

IA-32:
tomcat5-5.5.23-0jpp.7.el5_2.1.i386.rpm
tomcat5-admin-webapps-5.5.23-0jpp.7.el5_2.1.i386.rpm
tomcat5-common-lib-5.5.23-0jpp.7.el5_2.1.i386.rpm
tomcat5-jasper-5.5.23-0jpp.7.el5_2.1.i386.rpm
tomcat5-jasper-javadoc-5.5.23-0jpp.7.el5_2.1.i386.rpm
tomcat5-jsp-2.0-api-5.5.23-0jpp.7.el5_2.1.i386.rpm
tomcat5-jsp-2.0-api-javadoc-5.5.23-0jpp.7.el5_2.1.i386.rpm
tomcat5-server-lib-5.5.23-0jpp.7.el5_2.1.i386.rpm
tomcat5-servlet-2.4-api-5.5.23-0jpp.7.el5_2.1.i386.rpm
tomcat5-servlet-2.4-api-javadoc-5.5.23-0jpp.7.el5_2.1.i386.rpm
tomcat5-webapps-5.5.23-0jpp.7.el5_2.1.i386.rpm

IA-64:
tomcat5-5.5.23-0jpp.7.el5_2.1.ia64.rpm
tomcat5-admin-webapps-5.5.23-0jpp.7.el5_2.1.ia64.rpm
tomcat5-common-lib-5.5.23-0jpp.7.el5_2.1.ia64.rpm
tomcat5-jasper-5.5.23-0jpp.7.el5_2.1.ia64.rpm
tomcat5-jasper-javadoc-5.5.23-0jpp.7.el5_2.1.ia64.rpm
tomcat5-jsp-2.0-api-5.5.23-0jpp.7.el5_2.1.ia64.rpm
tomcat5-jsp-2.0-api-javadoc-5.5.23-0jpp.7.el5_2.1.ia64.rpm
tomcat5-server-lib-5.5.23-0jpp.7.el5_2.1.ia64.rpm
tomcat5-servlet-2.4-api-5.5.23-0jpp.7.el5_2.1.ia64.rpm
tomcat5-servlet-2.4-api-javadoc-5.5.23-0jpp.7.el5_2.1.ia64.rpm
tomcat5-webapps-5.5.23-0jpp.7.el5_2.1.ia64.rpm

PPC:
tomcat5-5.5.23-0jpp.7.el5_2.1.ppc.rpm
tomcat5-5.5.23-0jpp.7.el5_2.1.ppc64.rpm
tomcat5-admin-webapps-5.5.23-0jpp.7.el5_2.1.ppc.rpm
tomcat5-common-lib-5.5.23-0jpp.7.el5_2.1.ppc.rpm
tomcat5-jasper-5.5.23-0jpp.7.el5_2.1.ppc.rpm
tomcat5-jasper-javadoc-5.5.23-0jpp.7.el5_2.1.ppc.rpm
tomcat5-jsp-2.0-api-5.5.23-0jpp.7.el5_2.1.ppc.rpm
tomcat5-jsp-2.0-api-javadoc-5.5.23-0jpp.7.el5_2.1.ppc.rpm
tomcat5-server-lib-5.5.23-0jpp.7.el5_2.1.ppc.rpm
tomcat5-servlet-2.4-api-5.5.23-0jpp.7.el5_2.1.ppc.rpm
tomcat5-servlet-2.4-api-javadoc-5.5.23-0jpp.7.el5_2.1.ppc.rpm
tomcat5-webapps-5.5.23-0jpp.7.el5_2.1.ppc.rpm

s390x:
tomcat5-5.5.23-0jpp.7.el5_2.1.s390x.rpm
tomcat5-admin-webapps-5.5.23-0jpp.7.el5_2.1.s390x.rpm
tomcat5-common-lib-5.5.23-0jpp.7.el5_2.1.s390x.rpm
tomcat5-jasper-5.5.23-0jpp.7.el5_2.1.s390x.rpm
tomcat5-jasper-javadoc-5.5.23-0jpp.7.el5_2.1.s390x.rpm
tomcat5-jsp-2.0-api-5.5.23-0jpp.7.el5_2.1.s390x.rpm
tomcat5-jsp-2.0-api-javadoc-5.5.23-0jpp.7.el5_2.1.s390x.rpm
tomcat5-server-lib-5.5.23-0jpp.7.el5_2.1.s390x.rpm
tomcat5-servlet-2.4-api-5.5.23-0jpp.7.el5_2.1.s390x.rpm
tomcat5-servlet-2.4-api-javadoc-5.5.23-0jpp.7.el5_2.1.s390x.rpm
tomcat5-webapps-5.5.23-0jpp.7.el5_2.1.s390x.rpm

x86_64:
tomcat5-5.5.23-0jpp.7.el5_2.1.x86_64.rpm
tomcat5-admin-webapps-5.5.23-0jpp.7.el5_2.1.x86_64.rpm
tomcat5-common-lib-5.5.23-0jpp.7.el5_2.1.x86_64.rpm
tomcat5-jasper-5.5.23-0jpp.7.el5_2.1.x86_64.rpm
tomcat5-jasper-javadoc-5.5.23-0jpp.7.el5_2.1.x86_64.rpm
tomcat5-jsp-2.0-api-5.5.23-0jpp.7.el5_2.1.x86_64.rpm
tomcat5-jsp-2.0-api-javadoc-5.5.23-0jpp.7.el5_2.1.x86_64.rpm
tomcat5-server-lib-5.5.23-0jpp.7.el5_2.1.x86_64.rpm
tomcat5-servlet-2.4-api-5.5.23-0jpp.7.el5_2.1.x86_64.rpm
tomcat5-servlet-2.4-api-javadoc-5.5.23-0jpp.7.el5_2.1.x86_64.rpm
tomcat5-webapps-5.5.23-0jpp.7.el5_2.1.x86_64.rpm

Red Hat Enterprise Linux Desktop (v. 5 client)

File outdated by: RHSA-2009:1164 (all files in this list)

SRPMS:
tomcat5-5.5.23-0jpp.7.el5_2.1.src.rpm

IA-32:
tomcat5-jsp-2.0-api-5.5.23-0jpp.7.el5_2.1.i386.rpm
tomcat5-servlet-2.4-api-5.5.23-0jpp.7.el5_2.1.i386.rpm

x86_64:
tomcat5-jsp-2.0-api-5.5.23-0jpp.7.el5_2.1.x86_64.rpm
tomcat5-servlet-2.4-api-5.5.23-0jpp.7.el5_2.1.x86_64.rpm

Red Hat Enterprise Linux EUS (v. 5.2.z server)

SRPMS:
tomcat5-5.5.23-0jpp.7.el5_2.1.src.rpm
File outdated by: RHSA-2009:1164

IA-32:
tomcat5-5.5.23-0jpp.7.el5_2.1.i386.rpm
tomcat5-admin-webapps-5.5.23-0jpp.7.el5_2.1.i386.rpm
tomcat5-common-lib-5.5.23-0jpp.7.el5_2.1.i386.rpm
tomcat5-jasper-5.5.23-0jpp.7.el5_2.1.i386.rpm
tomcat5-jasper-javadoc-5.5.23-0jpp.7.el5_2.1.i386.rpm
tomcat5-jsp-2.0-api-5.5.23-0jpp.7.el5_2.1.i386.rpm
tomcat5-jsp-2.0-api-javadoc-5.5.23-0jpp.7.el5_2.1.i386.rpm
tomcat5-server-lib-5.5.23-0jpp.7.el5_2.1.i386.rpm
tomcat5-servlet-2.4-api-5.5.23-0jpp.7.el5_2.1.i386.rpm
tomcat5-servlet-2.4-api-javadoc-5.5.23-0jpp.7.el5_2.1.i386.rpm
tomcat5-webapps-5.5.23-0jpp.7.el5_2.1.i386.rpm

IA-64:
tomcat5-5.5.23-0jpp.7.el5_2.1.ia64.rpm
tomcat5-admin-webapps-5.5.23-0jpp.7.el5_2.1.ia64.rpm
tomcat5-common-lib-5.5.23-0jpp.7.el5_2.1.ia64.rpm
tomcat5-jasper-5.5.23-0jpp.7.el5_2.1.ia64.rpm
tomcat5-jasper-javadoc-5.5.23-0jpp.7.el5_2.1.ia64.rpm
tomcat5-jsp-2.0-api-5.5.23-0jpp.7.el5_2.1.ia64.rpm
tomcat5-jsp-2.0-api-javadoc-5.5.23-0jpp.7.el5_2.1.ia64.rpm
tomcat5-server-lib-5.5.23-0jpp.7.el5_2.1.ia64.rpm
tomcat5-servlet-2.4-api-5.5.23-0jpp.7.el5_2.1.ia64.rpm
tomcat5-servlet-2.4-api-javadoc-5.5.23-0jpp.7.el5_2.1.ia64.rpm
tomcat5-webapps-5.5.23-0jpp.7.el5_2.1.ia64.rpm

PPC:
tomcat5-5.5.23-0jpp.7.el5_2.1.ppc.rpm
tomcat5-5.5.23-0jpp.7.el5_2.1.ppc64.rpm
tomcat5-admin-webapps-5.5.23-0jpp.7.el5_2.1.ppc.rpm
tomcat5-common-lib-5.5.23-0jpp.7.el5_2.1.ppc.rpm
tomcat5-jasper-5.5.23-0jpp.7.el5_2.1.ppc.rpm
tomcat5-jasper-javadoc-5.5.23-0jpp.7.el5_2.1.ppc.rpm
tomcat5-jsp-2.0-api-5.5.23-0jpp.7.el5_2.1.ppc.rpm
tomcat5-jsp-2.0-api-javadoc-5.5.23-0jpp.7.el5_2.1.ppc.rpm
tomcat5-server-lib-5.5.23-0jpp.7.el5_2.1.ppc.rpm
tomcat5-servlet-2.4-api-5.5.23-0jpp.7.el5_2.1.ppc.rpm
tomcat5-servlet-2.4-api-javadoc-5.5.23-0jpp.7.el5_2.1.ppc.rpm
tomcat5-webapps-5.5.23-0jpp.7.el5_2.1.ppc.rpm

s390x:
tomcat5-5.5.23-0jpp.7.el5_2.1.s390x.rpm
tomcat5-admin-webapps-5.5.23-0jpp.7.el5_2.1.s390x.rpm
tomcat5-common-lib-5.5.23-0jpp.7.el5_2.1.s390x.rpm
tomcat5-jasper-5.5.23-0jpp.7.el5_2.1.s390x.rpm
tomcat5-jasper-javadoc-5.5.23-0jpp.7.el5_2.1.s390x.rpm
tomcat5-jsp-2.0-api-5.5.23-0jpp.7.el5_2.1.s390x.rpm
tomcat5-jsp-2.0-api-javadoc-5.5.23-0jpp.7.el5_2.1.s390x.rpm
tomcat5-server-lib-5.5.23-0jpp.7.el5_2.1.s390x.rpm
tomcat5-servlet-2.4-api-5.5.23-0jpp.7.el5_2.1.s390x.rpm
tomcat5-servlet-2.4-api-javadoc-5.5.23-0jpp.7.el5_2.1.s390x.rpm
tomcat5-webapps-5.5.23-0jpp.7.el5_2.1.s390x.rpm

x86_64:
tomcat5-5.5.23-0jpp.7.el5_2.1.x86_64.rpm
tomcat5-admin-webapps-5.5.23-0jpp.7.el5_2.1.x86_64.rpm
tomcat5-common-lib-5.5.23-0jpp.7.el5_2.1.x86_64.rpm
tomcat5-jasper-5.5.23-0jpp.7.el5_2.1.x86_64.rpm
tomcat5-jasper-javadoc-5.5.23-0jpp.7.el5_2.1.x86_64.rpm
tomcat5-jsp-2.0-api-5.5.23-0jpp.7.el5_2.1.x86_64.rpm
tomcat5-jsp-2.0-api-javadoc-5.5.23-0jpp.7.el5_2.1.x86_64.rpm
tomcat5-server-lib-5.5.23-0jpp.7.el5_2.1.x86_64.rpm
tomcat5-servlet-2.4-api-5.5.23-0jpp.7.el5_2.1.x86_64.rpm
tomcat5-servlet-2.4-api-javadoc-5.5.23-0jpp.7.el5_2.1.x86_64.rpm
tomcat5-webapps-5.5.23-0jpp.7.el5_2.1.x86_64.rpm

(The unlinked packages above are only available from the Red Hat Network)

Bugs fixed (see bugzilla for more information)

446393 - CVE-2008-1947 Tomcat host manager xss - name field
456120 - CVE-2008-2938 tomcat Unicode directory traversal vulnerability
457597 - CVE-2008-1232 tomcat: Cross-Site-Scripting enabled by sendError call
457934 - CVE-2008-2370 tomcat RequestDispatcher information disclosure vulnerability


Keywords

Security


These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from:
https://www.redhat.com/security/team/key/#package

The Red Hat security contact is secalert@redhat.com. More contact details at http://www.redhat.com/security/team/contact/