Security Advisory Moderate: tomcat6 security and bug fix update

Advisory: RHSA-2011:0791-1
Type: Security Advisory
Severity: Moderate
Issued on: 2011-05-19
Last updated on: 2011-05-19
Affected Products: Red Hat Enterprise Linux Desktop (v. 6)
Red Hat Enterprise Linux HPC Node (v. 6)
Red Hat Enterprise Linux Server (v. 6)
Red Hat Enterprise Linux Workstation (v. 6)
CVEs (cve.mitre.org): CVE-2010-3718
CVE-2010-4172
CVE-2011-0013

Details

Updated tomcat6 packages that fix three security issues and several bugs
are now available for Red Hat Enterprise Linux 6.

The Red Hat Security Response Team has rated this update as having moderate
security impact. Common Vulnerability Scoring System (CVSS) base scores,
which give detailed severity ratings, are available for each vulnerability
from the CVE links in the References section.

Apache Tomcat is a servlet container for the Java Servlet and JavaServer
Pages (JSP) technologies.

It was found that web applications could modify the location of the Tomcat
host's work directory. As web applications deployed on Tomcat have read and
write access to this directory, a malicious web application could use this
flaw to trick Tomcat into giving it read and write access to an arbitrary
directory on the file system. (CVE-2010-3718)

A cross-site scripting (XSS) flaw was found in the Manager application,
used for managing web applications on Tomcat. If a remote attacker could
trick a user who is logged into the Manager application into visiting a
specially-crafted URL, the attacker could perform Manager application tasks
with the privileges of the logged-in user. (CVE-2010-4172)

A second cross-site scripting (XSS) flaw was found in the Manager
application. A malicious web application could use this flaw to conduct an
XSS attack, leading to arbitrary web script execution with the privileges
of victims who are logged into and viewing Manager application web pages.
(CVE-2011-0013)

This update also fixes the following bugs:

* A bug in the "tomcat6" init script prevented additional Tomcat instances
from starting. In addition, running "service tomcat6 start" caused
configuration options applied from "/etc/sysconfig/tomcat6" to be
overwritten with those from "/etc/tomcat6/tomcat6.conf". With this update,
multiple instances of Tomcat run as expected. (BZ#636997)

* The "/usr/share/java/" directory was missing a symbolic link to the
"/usr/share/tomcat6/bin/tomcat-juli.jar" library. Because this library was
mandatory for certain operations (such as running the Jasper JSP
precompiler), the "build-jar-repository" command was unable to compose a
valid classpath. With this update, the missing symbolic link has been
added. (BZ#661244)

* Previously, the "tomcat6" init script failed to start Tomcat with a "This
account is currently not available." message when Tomcat was configured to
run under a user that did not have a valid shell configured as a login
shell. This update modifies the init script to work correctly regardless of
the daemon user's login shell. Additionally, these new tomcat6 packages now
set "/sbin/nologin" as the login shell for the "tomcat" user upon
installation, as recommended by deployment best practices. (BZ#678671)

* Some standard Tomcat directories were missing write permissions for the
"tomcat" group, which could cause certain applications to fail with errors
such as "No output folder". This update adds write permissions for the
"tomcat" group to the affected directories. (BZ#643809)

* The "/usr/sbin/tomcat6" wrapper script used a hard-coded path to the
"catalina.out" file, which may have caused problems (such as for logging
init script output) if Tomcat was being run as a user other than "tomcat"
and with CATALINA_BASE set to a directory other than the default.
(BZ#695284, BZ#697504)

* Stopping Tomcat could have resulted in traceback errors being logged to
"catalina.out" when certain web applications were deployed. (BZ#698624)

Users of Tomcat should upgrade to these updated packages, which contain
backported patches to correct these issues. Tomcat must be restarted for
this update to take effect.


Solution

Before applying this update, make sure all previously-released errata
relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to
use the Red Hat Network to apply this update are available at
https://access.redhat.com/kb/docs/DOC-11259

Updated packages

The package list is identical for every product and architecture below.
Each file is marked "File outdated by: RHBA-2013:1721".

Red Hat Enterprise Linux Desktop (v. 6): SRPMS, IA-32, x86_64
Red Hat Enterprise Linux HPC Node (v. 6): SRPMS, x86_64
Red Hat Enterprise Linux Server (v. 6): SRPMS, IA-32, PPC, s390x, x86_64
Red Hat Enterprise Linux Workstation (v. 6): SRPMS, IA-32, x86_64

SRPMS:
tomcat6-6.0.24-33.el6.src.rpm

IA-32, PPC, s390x, x86_64:
tomcat6-6.0.24-33.el6.noarch.rpm
tomcat6-admin-webapps-6.0.24-33.el6.noarch.rpm
tomcat6-docs-webapp-6.0.24-33.el6.noarch.rpm
tomcat6-el-2.1-api-6.0.24-33.el6.noarch.rpm
tomcat6-javadoc-6.0.24-33.el6.noarch.rpm
tomcat6-jsp-2.1-api-6.0.24-33.el6.noarch.rpm
tomcat6-lib-6.0.24-33.el6.noarch.rpm
tomcat6-servlet-2.5-api-6.0.24-33.el6.noarch.rpm
tomcat6-webapps-6.0.24-33.el6.noarch.rpm

(The unlinked packages above are only available from the Red Hat Network)

Bugs fixed (see bugzilla for more information)

636997 - Additionally Created Instances of Tomcat are broken / don't work
643809 - Bad permissions on tomcat folders
656246 - CVE-2010-4172 tomcat: cross-site-scripting vulnerability in the manager application
661244 - Missing tomcat6-juli link in /usr/share/java
675786 - CVE-2011-0013 tomcat: XSS vulnerability in HTML Manager interface
675792 - CVE-2010-3718 tomcat: file permission bypass flaw
678671 - tomcat user requires login shell
695284 - catalina.out path hard-coded in /usr/sbin/tomcat6
697504 - tomcat6-6.0.wrapper redirects init script output to wrong place


References



These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from:
https://www.redhat.com/security/team/key/#package

The Red Hat security contact is secalert@redhat.com. More contact details at http://www.redhat.com/security/team/contact/