Skip to navigation

Security Advisory Important: tomcat5 security update

Advisory: RHSA-2010:0580-1
Type: Security Advisory
Severity: Important
Issued on: 2010-08-02
Last updated on: 2010-08-02
Affected Products: RHEL Desktop Workstation (v. 5 client)
Red Hat Enterprise Linux (v. 5 server)
Red Hat Enterprise Linux Desktop (v. 5 client)
CVEs (cve.mitre.org): CVE-2009-2693
CVE-2009-2696
CVE-2009-2902
CVE-2010-2227

Details

Updated tomcat5 packages that fix multiple security issues are now
available for Red Hat Enterprise Linux 5.

The Red Hat Security Response Team has rated this update as having
important security impact. Common Vulnerability Scoring System (CVSS) base
scores, which give detailed severity ratings, are available for each
vulnerability from the CVE links in the References section.

Apache Tomcat is a servlet container for the Java Servlet and JavaServer
Pages (JSP) technologies.

A flaw was found in the way Tomcat handled the Transfer-Encoding header in
HTTP requests. A specially-crafted HTTP request could prevent Tomcat from
sending replies, or cause Tomcat to return truncated replies, or replies
containing data related to the requests of other users, for all subsequent
HTTP requests. (CVE-2010-2227)

The Tomcat security update RHSA-2009:1164 did not, unlike the erratum text
stated, provide a fix for CVE-2009-0781, a cross-site scripting (XSS) flaw
in the examples calendar application. With some web browsers, remote
attackers could use this flaw to inject arbitrary web script or HTML via
the "time" parameter. (CVE-2009-2696)

Two directory traversal flaws were found in the Tomcat deployment process.
A specially-crafted WAR file could, when deployed, cause a file to be
created outside of the web root into any directory writable by the Tomcat
user, or could lead to the deletion of files in the Tomcat host's work
directory. (CVE-2009-2693, CVE-2009-2902)

Users of Tomcat should upgrade to these updated packages, which contain
backported patches to resolve these issues. Tomcat must be restarted for
this update to take effect.


Solution

Before applying this update, make sure all previously-released errata
relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to
use the Red Hat Network to apply this update are available at
http://kbase.redhat.com/faq/docs/DOC-11259

Updated packages

RHEL Desktop Workstation (v. 5 client)

SRPMS:
tomcat5-5.5.23-0jpp.9.el5_5.src.rpm
File outdated by:  RHSA-2013:0870
    MD5: f272f2a0bd7e602e12ca032bdeb023f3
SHA-256: 55973124f6fe479cec9782c116a77a65945e88edc093c74cb1c18743da08fbbc
 
IA-32:
tomcat5-5.5.23-0jpp.9.el5_5.i386.rpm
File outdated by:  RHSA-2013:0870
    MD5: 38525d584e283aaf95c4417fc9ee2955
SHA-256: c2bb5125664506a13fc1face3df878ec7955d078658274e7512db6fafe8edabc
tomcat5-admin-webapps-5.5.23-0jpp.9.el5_5.i386.rpm
File outdated by:  RHSA-2013:0870
    MD5: 27d0ff18f912b00781d1575766d399f2
SHA-256: 6f40cbc553403ab1b130ee1acaeef582e6aa7d66deccd7f7c5078d2460bd3dc4
tomcat5-common-lib-5.5.23-0jpp.9.el5_5.i386.rpm
File outdated by:  RHSA-2013:0870
    MD5: d1e07209acf2b1a84ee70886912e3677
SHA-256: b2db63171e9b7f1f7f3a606b3823cd77e61ccd09fe7af2ed37ea19b86521e97a
tomcat5-jasper-5.5.23-0jpp.9.el5_5.i386.rpm
File outdated by:  RHSA-2013:0870
    MD5: a02504846b91cd577ad8440bd2a6fc3b
SHA-256: be0b32ca37102a96a7c19a7e1a994a80eb4c28ea86d044b487d2c270147e7dce
tomcat5-jasper-javadoc-5.5.23-0jpp.9.el5_5.i386.rpm
File outdated by:  RHSA-2013:0870
    MD5: 3b4fb183e48bcce10ca6343be15795d5
SHA-256: f00b5cb8c36fe3b24687c9d7b7bd24273f742496df82b51d075dd65f1c74b64a
tomcat5-jsp-2.0-api-javadoc-5.5.23-0jpp.9.el5_5.i386.rpm
File outdated by:  RHSA-2013:0870
    MD5: 51f4ca409e38c998afd3dcc2defe71b8
SHA-256: 7062bcd691bb5bd1fd3d813851a413e2324da09288d10a2364d1e70c04a5261e
tomcat5-server-lib-5.5.23-0jpp.9.el5_5.i386.rpm
File outdated by:  RHSA-2013:0870
    MD5: a86b74e7082d3491a43242569fbce594
SHA-256: 83ea25a31d2b1901f1c773cd401f64688d835396238a1791a3cc3ff91f9170b2
tomcat5-servlet-2.4-api-javadoc-5.5.23-0jpp.9.el5_5.i386.rpm
File outdated by:  RHSA-2013:0870
    MD5: 7ba5ec87016b77a633bde714ce3d404f
SHA-256: 71c8cedcde268e3555fac4c32550f3841429b7875bea64f238b2b643bbce5723
tomcat5-webapps-5.5.23-0jpp.9.el5_5.i386.rpm
File outdated by:  RHSA-2013:0870
    MD5: 32a2607a0d07268891f6b2080dfa1880
SHA-256: 9a6e12ad38a2dddac3fa24e97e41bf9610fd060539d8742874e7c1ec40d6fc6e
 
x86_64:
tomcat5-5.5.23-0jpp.9.el5_5.x86_64.rpm
File outdated by:  RHSA-2013:0870
    MD5: 8ac640533cf745973099ecdf2a473c84
SHA-256: 60a5ef023d32ab096de0020c5301a571bee2f947ac0d50ccb7783dbd575f02a6
tomcat5-admin-webapps-5.5.23-0jpp.9.el5_5.x86_64.rpm
File outdated by:  RHSA-2013:0870
    MD5: 1b75d19a5c75bbf842c5359b0b00e223
SHA-256: 8e16b8cab39e9668722e03051c69a98847c398283ad5a0bf5de3f572aa0c8120
tomcat5-common-lib-5.5.23-0jpp.9.el5_5.x86_64.rpm
File outdated by:  RHSA-2013:0870
    MD5: b3c185e7e3bea50b78a10f2de6e4724a
SHA-256: a10c49b7f0bc15287083b2a2b556d5ef4df555eff5b80cea33926bba94e20250
tomcat5-jasper-5.5.23-0jpp.9.el5_5.x86_64.rpm
File outdated by:  RHSA-2013:0870
    MD5: e5c10f68bb7e0600eabb69f764578162
SHA-256: 821268c17f2c2c243957d79cf252a8361506866e4a7ee14c78006c62afbdd5d4
tomcat5-jasper-javadoc-5.5.23-0jpp.9.el5_5.x86_64.rpm
File outdated by:  RHSA-2013:0870
    MD5: 93780f464c1efd4c6718520c0b389348
SHA-256: b082c23eac71b010380454723911efa7b243c3a9091cbbfe330d1f3171dd4cbb
tomcat5-jsp-2.0-api-javadoc-5.5.23-0jpp.9.el5_5.x86_64.rpm
File outdated by:  RHSA-2013:0870
    MD5: c854de619094f70d5739984633154512
SHA-256: ba74b9b6743f24b037e1a70ebb64f213dd258f9984ef9574f7f1787bc0cb5919
tomcat5-server-lib-5.5.23-0jpp.9.el5_5.x86_64.rpm
File outdated by:  RHSA-2013:0870
    MD5: f1ee122cd957bb0c940bb2cda55e8dcd
SHA-256: 4dbea3ca96d86bc09da87b73d0ec261abb91899d69644797d807b894aeb5122b
tomcat5-servlet-2.4-api-javadoc-5.5.23-0jpp.9.el5_5.x86_64.rpm
File outdated by:  RHSA-2013:0870
    MD5: 740a267604ebb4ce6606bc52c8d8160e
SHA-256: 293c98b20c3aeeb57b2329a6bfdaa21d056c498970f7c633987ce7cf40de1ae4
tomcat5-webapps-5.5.23-0jpp.9.el5_5.x86_64.rpm
File outdated by:  RHSA-2013:0870
    MD5: 8db263b6f529830ce399ef15971ee6f6
SHA-256: 1cb1f79c289349d00428f00a2de81aff56c23e38a70c8cf963414ad636b8b599
 
Red Hat Enterprise Linux (v. 5 server)

SRPMS:
tomcat5-5.5.23-0jpp.9.el5_5.src.rpm
File outdated by:  RHSA-2013:0870
    MD5: f272f2a0bd7e602e12ca032bdeb023f3
SHA-256: 55973124f6fe479cec9782c116a77a65945e88edc093c74cb1c18743da08fbbc
 
IA-32:
tomcat5-5.5.23-0jpp.9.el5_5.i386.rpm
File outdated by:  RHSA-2013:0870
    MD5: 38525d584e283aaf95c4417fc9ee2955
SHA-256: c2bb5125664506a13fc1face3df878ec7955d078658274e7512db6fafe8edabc
tomcat5-admin-webapps-5.5.23-0jpp.9.el5_5.i386.rpm
File outdated by:  RHSA-2013:0870
    MD5: 27d0ff18f912b00781d1575766d399f2
SHA-256: 6f40cbc553403ab1b130ee1acaeef582e6aa7d66deccd7f7c5078d2460bd3dc4
tomcat5-common-lib-5.5.23-0jpp.9.el5_5.i386.rpm
File outdated by:  RHSA-2013:0870
    MD5: d1e07209acf2b1a84ee70886912e3677
SHA-256: b2db63171e9b7f1f7f3a606b3823cd77e61ccd09fe7af2ed37ea19b86521e97a
tomcat5-jasper-5.5.23-0jpp.9.el5_5.i386.rpm
File outdated by:  RHSA-2013:0870
    MD5: a02504846b91cd577ad8440bd2a6fc3b
SHA-256: be0b32ca37102a96a7c19a7e1a994a80eb4c28ea86d044b487d2c270147e7dce
tomcat5-jasper-javadoc-5.5.23-0jpp.9.el5_5.i386.rpm
File outdated by:  RHSA-2013:0870
    MD5: 3b4fb183e48bcce10ca6343be15795d5
SHA-256: f00b5cb8c36fe3b24687c9d7b7bd24273f742496df82b51d075dd65f1c74b64a
tomcat5-jsp-2.0-api-5.5.23-0jpp.9.el5_5.i386.rpm
File outdated by:  RHSA-2013:0870
    MD5: 341f9b7f64375f9cea0c628eb61d8fd2
SHA-256: 2660b2100b750cdc88132f199fb357242878f3839bebef34e993fe8a04b23166
tomcat5-jsp-2.0-api-javadoc-5.5.23-0jpp.9.el5_5.i386.rpm
File outdated by:  RHSA-2013:0870
    MD5: 51f4ca409e38c998afd3dcc2defe71b8
SHA-256: 7062bcd691bb5bd1fd3d813851a413e2324da09288d10a2364d1e70c04a5261e
tomcat5-server-lib-5.5.23-0jpp.9.el5_5.i386.rpm
File outdated by:  RHSA-2013:0870
    MD5: a86b74e7082d3491a43242569fbce594
SHA-256: 83ea25a31d2b1901f1c773cd401f64688d835396238a1791a3cc3ff91f9170b2
tomcat5-servlet-2.4-api-5.5.23-0jpp.9.el5_5.i386.rpm
File outdated by:  RHSA-2013:0870
    MD5: 39b5c53c4769569c00c342e80143f306
SHA-256: 1400e94f4f98216d80b73d35a6cf1d5783a4b5c43c1aae64cc7e1deaac38d37d
tomcat5-servlet-2.4-api-javadoc-5.5.23-0jpp.9.el5_5.i386.rpm
File outdated by:  RHSA-2013:0870
    MD5: 7ba5ec87016b77a633bde714ce3d404f
SHA-256: 71c8cedcde268e3555fac4c32550f3841429b7875bea64f238b2b643bbce5723
tomcat5-webapps-5.5.23-0jpp.9.el5_5.i386.rpm
File outdated by:  RHSA-2013:0870
    MD5: 32a2607a0d07268891f6b2080dfa1880
SHA-256: 9a6e12ad38a2dddac3fa24e97e41bf9610fd060539d8742874e7c1ec40d6fc6e
 
IA-64:
tomcat5-5.5.23-0jpp.9.el5_5.ia64.rpm
File outdated by:  RHSA-2013:0870
    MD5: 2a2d55f671a3850d3936b6520d6cf90c
SHA-256: 033e376ad09398d4b710882d5d852ddde8b0d13bba2703de07f2b519eb2df3c0
tomcat5-admin-webapps-5.5.23-0jpp.9.el5_5.ia64.rpm
File outdated by:  RHSA-2013:0870
    MD5: a7a50a8b330d6d21386f81449ed9180d
SHA-256: 663cf4f7cf9fc71c9ed17476e10a62c1fef4f48a715d954fb79ee158b6bc543c
tomcat5-common-lib-5.5.23-0jpp.9.el5_5.ia64.rpm
File outdated by:  RHSA-2013:0870
    MD5: 8ff816c62eeb9b6a359e33cfd66a81b6
SHA-256: 53bc1d0f40f32af3814320a0eda874a3fe33417601970e832dedc42432f219bf
tomcat5-jasper-5.5.23-0jpp.9.el5_5.ia64.rpm
File outdated by:  RHSA-2013:0870
    MD5: 308484fed6d921d6efa59bac3c358f44
SHA-256: 29282b2162df852d624bc961159102bb185f22dbeb520e76a6246ed64bd354d8
tomcat5-jasper-javadoc-5.5.23-0jpp.9.el5_5.ia64.rpm
File outdated by:  RHSA-2013:0870
    MD5: 198ba996fafa664a780f223eac5d0d9b
SHA-256: 2f00535badd2dfe2838e1d8866675da6ac6a26ae6a712d0774587473db6419b5
tomcat5-jsp-2.0-api-5.5.23-0jpp.9.el5_5.ia64.rpm
File outdated by:  RHSA-2013:0870
    MD5: 05ca8568e3f1231242fa96e1d5f562f8
SHA-256: 24eb8c9ce053cb533392522dda98c1db25d6de4521352c3cbd86f79fce5a0742
tomcat5-jsp-2.0-api-javadoc-5.5.23-0jpp.9.el5_5.ia64.rpm
File outdated by:  RHSA-2013:0870
    MD5: 01cd1028f306e1dcfcfbba051b734747
SHA-256: 9d5147215b93bbf7dc9b1d67cbdcb84b02c06f265bdc80d7472a91aac1dc835b
tomcat5-server-lib-5.5.23-0jpp.9.el5_5.ia64.rpm
File outdated by:  RHSA-2013:0870
    MD5: 5feada3fa7cbd92109829fa51f3309bc
SHA-256: 894abb3caf1507dfe21467aaa26e395c4c8d7a5d41d841b4a59807b5a93b5051
tomcat5-servlet-2.4-api-5.5.23-0jpp.9.el5_5.ia64.rpm
File outdated by:  RHSA-2013:0870
    MD5: 276cd9f2b96af7839b58488ad3a9efe7
SHA-256: 03e742937e381f6a6a92135ea8d3092af847e6fc67a0e4acb1f664b27678b29b
tomcat5-servlet-2.4-api-javadoc-5.5.23-0jpp.9.el5_5.ia64.rpm
File outdated by:  RHSA-2013:0870
    MD5: d0339aa71d76f7b032f7f07520c4f0fa
SHA-256: 7ba658c3b43c4a6a9c84e1959e3c0d261a33a15c2d3a7844e634a7104865322e
tomcat5-webapps-5.5.23-0jpp.9.el5_5.ia64.rpm
File outdated by:  RHSA-2013:0870
    MD5: 33552d8a937db78616bdaba968161b3b
SHA-256: 10b3d7b3021979e54b7866782394828c5ad9dd206c6fef41346dc0f0f6735ca2
 
PPC:
tomcat5-5.5.23-0jpp.9.el5_5.ppc.rpm
File outdated by:  RHSA-2013:0870
    MD5: a2564656444a47df87a47b6ace1e8784
SHA-256: 159932c3cf20f1ebd0f63fd74c7097fe49bb10b3593990c5421a10919f901a14
tomcat5-5.5.23-0jpp.9.el5_5.ppc64.rpm
File outdated by:  RHSA-2013:0870
    MD5: 75bf0b7f06af3213cc84803f56ec0d97
SHA-256: cbd4fd50e4992ac65499ebe67e65999e95329c5cd9d4ab97da80ec7fccfc670c
tomcat5-admin-webapps-5.5.23-0jpp.9.el5_5.ppc.rpm
File outdated by:  RHSA-2013:0870
    MD5: 5799b19207ea2f7bba8dd0cfb12f0ac4
SHA-256: 125c8fa47c9e6bcb9c894d37faa3f6e306597f1ce2562a5ca10942eed9e0e865
tomcat5-common-lib-5.5.23-0jpp.9.el5_5.ppc.rpm
File outdated by:  RHSA-2013:0870
    MD5: c0c5270ad34d3a09f3d59c448b10db06
SHA-256: 405c00d0b57d8617ac85a38cee4eef999e41bc04ff930a8ccba85271756ddc60
tomcat5-jasper-5.5.23-0jpp.9.el5_5.ppc.rpm
File outdated by:  RHSA-2013:0870
    MD5: 475d57c3434c8e51c24e89457dbaf6c8
SHA-256: 2cd520c81c0958fdee5795bca7fdca59dc79ebccf6022bf5f27507177fce03ee
tomcat5-jasper-javadoc-5.5.23-0jpp.9.el5_5.ppc.rpm
File outdated by:  RHSA-2013:0870
    MD5: 138ac542156ab85526d29bac3d5b56de
SHA-256: 12a25ddc9f702cdda621938dabdf5dfb14b59e5eda3a410737e20878fb82b7a0
tomcat5-jsp-2.0-api-5.5.23-0jpp.9.el5_5.ppc.rpm
File outdated by:  RHSA-2013:0870
    MD5: baaca095554f8f55a28f29440536b14c
SHA-256: a05f5af4a832b3a1382f7207a8f6f936566e5a9b3d82fc16d38d496679f7aff7
tomcat5-jsp-2.0-api-javadoc-5.5.23-0jpp.9.el5_5.ppc.rpm
File outdated by:  RHSA-2013:0870
    MD5: d95ae83cb0810f8ec11538182753156f
SHA-256: ee89b6435990430809541ebca2ea9fb62795aa46151c83fe18b2606036a2c8f7
tomcat5-server-lib-5.5.23-0jpp.9.el5_5.ppc.rpm
File outdated by:  RHSA-2013:0870
    MD5: e5c4186f44f66692a2d87de9cf61f2fc
SHA-256: deb54f30e1d028ce5bb7bd3ffc060bbbc102ee39542543fac745d5cf1fdebe26
tomcat5-servlet-2.4-api-5.5.23-0jpp.9.el5_5.ppc.rpm
File outdated by:  RHSA-2013:0870
    MD5: 875e1805463452eff45a1ea413dfb037
SHA-256: 91fb35d0fe3405c9171749cee33add54f5c60b5c8187476b0219fa6c49a659e8
tomcat5-servlet-2.4-api-javadoc-5.5.23-0jpp.9.el5_5.ppc.rpm
File outdated by:  RHSA-2013:0870
    MD5: 5dfb00b8dd4dc54eb97973c1f32f8ea1
SHA-256: 9ffda65a0f1ddf2dae2793b81ea868d3a935af2e90a74efd3bb76e5d048dd41a
tomcat5-webapps-5.5.23-0jpp.9.el5_5.ppc.rpm
File outdated by:  RHSA-2013:0870
    MD5: fae043c9c54f1cc2287e58d84fb3dea7
SHA-256: d709abbad94eda6b1f1b8a6a23a80721537a6ada4b95f70dc34d09e18a6e6d33
 
s390x:
tomcat5-5.5.23-0jpp.9.el5_5.s390x.rpm
File outdated by:  RHSA-2013:0870
    MD5: 67f716686ad4c99b78fd8d6dcd2e7d56
SHA-256: 5a2b410009d1e70684eb4fcef99fa159cc4140cdf18fb2523a9fdee5818a2fdd
tomcat5-admin-webapps-5.5.23-0jpp.9.el5_5.s390x.rpm
File outdated by:  RHSA-2013:0870
    MD5: 3153411381355d9ca68e05e0a55c4602
SHA-256: 8bac46f0e97cc2e83ab5551418067d5b61f68b78f31bc8378e4efacf63474c23
tomcat5-common-lib-5.5.23-0jpp.9.el5_5.s390x.rpm
File outdated by:  RHSA-2013:0870
    MD5: bbc325a4915c2185b4d9166f1577d908
SHA-256: 96634fba3531bb71367c1e067172f0288dcdfa2bc3777a661987508c6bcec47e
tomcat5-jasper-5.5.23-0jpp.9.el5_5.s390x.rpm
File outdated by:  RHSA-2013:0870
    MD5: ffce63a51685547e9a98d2b087f0cdf3
SHA-256: 7e21e8997057c34487b69a97f43b958b1c79feb10c340f84f39eb97990d5231e
tomcat5-jasper-javadoc-5.5.23-0jpp.9.el5_5.s390x.rpm
File outdated by:  RHSA-2013:0870
    MD5: 4653dc1efa63c4be508a60684f5292e6
SHA-256: 86ad6e33099bf2c2e64a1794069a406c085978ae9b06069470cdf02ed3635914
tomcat5-jsp-2.0-api-5.5.23-0jpp.9.el5_5.s390x.rpm
File outdated by:  RHSA-2013:0870
    MD5: 9c136e530af0544e361931aeeb005600
SHA-256: 4450cd98e471a04781adc430478c310b776b20faddd8d8d4645f29e138f398a4
tomcat5-jsp-2.0-api-javadoc-5.5.23-0jpp.9.el5_5.s390x.rpm
File outdated by:  RHSA-2013:0870
    MD5: 63c7caa3e4288380f9f0f59f810e04a1
SHA-256: c98c2a1e267f3e9d271bd6c5b9a7af02f92c03178a6a44bddb01e3926253de12
tomcat5-server-lib-5.5.23-0jpp.9.el5_5.s390x.rpm
File outdated by:  RHSA-2013:0870
    MD5: 15e577d6c5dec7ab938eeb09564afb6d
SHA-256: 7e1999356e40112a0b63f5b1918330c4af63c2947efa9877d4647d8570a1fe6b
tomcat5-servlet-2.4-api-5.5.23-0jpp.9.el5_5.s390x.rpm
File outdated by:  RHSA-2013:0870
    MD5: 120e1d05ca2ae7424f774e0cad8e3124
SHA-256: 998c22daebdeaa0a2178ab0281e0c47996c4613f86d147ac48f9b74b863df599
tomcat5-servlet-2.4-api-javadoc-5.5.23-0jpp.9.el5_5.s390x.rpm
File outdated by:  RHSA-2013:0870
    MD5: 7f1ff631270cc0b798d0342f39d2e575
SHA-256: b7333d6e484a6ed2c7803726db07902eadc77cb0e481b86913f8b751ccbfb6ee
tomcat5-webapps-5.5.23-0jpp.9.el5_5.s390x.rpm
File outdated by:  RHSA-2013:0870
    MD5: f259c20e681c02f7346da3ddb4c7e0bc
SHA-256: e401894b04361170f47ed85e90bd10446f76b14cdee9f0119d488912bdf41906
 
x86_64:
tomcat5-5.5.23-0jpp.9.el5_5.x86_64.rpm
File outdated by:  RHSA-2013:0870
    MD5: 8ac640533cf745973099ecdf2a473c84
SHA-256: 60a5ef023d32ab096de0020c5301a571bee2f947ac0d50ccb7783dbd575f02a6
tomcat5-admin-webapps-5.5.23-0jpp.9.el5_5.x86_64.rpm
File outdated by:  RHSA-2013:0870
    MD5: 1b75d19a5c75bbf842c5359b0b00e223
SHA-256: 8e16b8cab39e9668722e03051c69a98847c398283ad5a0bf5de3f572aa0c8120
tomcat5-common-lib-5.5.23-0jpp.9.el5_5.x86_64.rpm
File outdated by:  RHSA-2013:0870
    MD5: b3c185e7e3bea50b78a10f2de6e4724a
SHA-256: a10c49b7f0bc15287083b2a2b556d5ef4df555eff5b80cea33926bba94e20250
tomcat5-jasper-5.5.23-0jpp.9.el5_5.x86_64.rpm
File outdated by:  RHSA-2013:0870
    MD5: e5c10f68bb7e0600eabb69f764578162
SHA-256: 821268c17f2c2c243957d79cf252a8361506866e4a7ee14c78006c62afbdd5d4
tomcat5-jasper-javadoc-5.5.23-0jpp.9.el5_5.x86_64.rpm
File outdated by:  RHSA-2013:0870
    MD5: 93780f464c1efd4c6718520c0b389348
SHA-256: b082c23eac71b010380454723911efa7b243c3a9091cbbfe330d1f3171dd4cbb
tomcat5-jsp-2.0-api-5.5.23-0jpp.9.el5_5.x86_64.rpm
File outdated by:  RHSA-2013:0870
    MD5: 091121fed66de6f0cdaee2ede9d05499
SHA-256: 7d9f7beba51713efb7364c085263c98e7925348a7ee838c26c4e2e643f9dca26
tomcat5-jsp-2.0-api-javadoc-5.5.23-0jpp.9.el5_5.x86_64.rpm
File outdated by:  RHSA-2013:0870
    MD5: c854de619094f70d5739984633154512
SHA-256: ba74b9b6743f24b037e1a70ebb64f213dd258f9984ef9574f7f1787bc0cb5919
tomcat5-server-lib-5.5.23-0jpp.9.el5_5.x86_64.rpm
File outdated by:  RHSA-2013:0870
    MD5: f1ee122cd957bb0c940bb2cda55e8dcd
SHA-256: 4dbea3ca96d86bc09da87b73d0ec261abb91899d69644797d807b894aeb5122b
tomcat5-servlet-2.4-api-5.5.23-0jpp.9.el5_5.x86_64.rpm
File outdated by:  RHSA-2013:0870
    MD5: c58a07314a3fc4ada6814db2a7d8cebf
SHA-256: 1eb3277e64485445cd224da31ae55ff427745a3eaf6d08156a4cce115024ee5b
tomcat5-servlet-2.4-api-javadoc-5.5.23-0jpp.9.el5_5.x86_64.rpm
File outdated by:  RHSA-2013:0870
    MD5: 740a267604ebb4ce6606bc52c8d8160e
SHA-256: 293c98b20c3aeeb57b2329a6bfdaa21d056c498970f7c633987ce7cf40de1ae4
tomcat5-webapps-5.5.23-0jpp.9.el5_5.x86_64.rpm
File outdated by:  RHSA-2013:0870
    MD5: 8db263b6f529830ce399ef15971ee6f6
SHA-256: 1cb1f79c289349d00428f00a2de81aff56c23e38a70c8cf963414ad636b8b599
 
Red Hat Enterprise Linux Desktop (v. 5 client)

SRPMS:
tomcat5-5.5.23-0jpp.9.el5_5.src.rpm
File outdated by:  RHSA-2013:0870
    MD5: f272f2a0bd7e602e12ca032bdeb023f3
SHA-256: 55973124f6fe479cec9782c116a77a65945e88edc093c74cb1c18743da08fbbc
 
IA-32:
tomcat5-jsp-2.0-api-5.5.23-0jpp.9.el5_5.i386.rpm
File outdated by:  RHSA-2013:0870
    MD5: 341f9b7f64375f9cea0c628eb61d8fd2
SHA-256: 2660b2100b750cdc88132f199fb357242878f3839bebef34e993fe8a04b23166
tomcat5-servlet-2.4-api-5.5.23-0jpp.9.el5_5.i386.rpm
File outdated by:  RHSA-2013:0870
    MD5: 39b5c53c4769569c00c342e80143f306
SHA-256: 1400e94f4f98216d80b73d35a6cf1d5783a4b5c43c1aae64cc7e1deaac38d37d
 
x86_64:
tomcat5-jsp-2.0-api-5.5.23-0jpp.9.el5_5.x86_64.rpm
File outdated by:  RHSA-2013:0870
    MD5: 091121fed66de6f0cdaee2ede9d05499
SHA-256: 7d9f7beba51713efb7364c085263c98e7925348a7ee838c26c4e2e643f9dca26
tomcat5-servlet-2.4-api-5.5.23-0jpp.9.el5_5.x86_64.rpm
File outdated by:  RHSA-2013:0870
    MD5: c58a07314a3fc4ada6814db2a7d8cebf
SHA-256: 1eb3277e64485445cd224da31ae55ff427745a3eaf6d08156a4cce115024ee5b
 
(The unlinked packages above are only available from the Red Hat Network)

Bugs fixed (see bugzilla for more information)

559738 - CVE-2009-2693 tomcat: unexpected file deletion and/or alteration
559761 - CVE-2009-2902 tomcat: unexpected file deletion in work directory
612799 - CVE-2010-2227 tomcat: information leak vulnerability in the handling of 'Transfer-Encoding' header
616717 - CVE-2009-2696 tomcat: missing fix for CVE-2009-0781


References



These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from:
https://www.redhat.com/security/team/key/#package

The Red Hat security contact is secalert@redhat.com. More contact details at http://www.redhat.com/security/team/contact/