Skip to navigation

Security Advisory Important: tomcat6 security update

Advisory: RHSA-2013:0623-1
Type: Security Advisory
Severity: Important
Issued on: 2013-03-11
Last updated on: 2013-03-11
Affected Products: Red Hat Enterprise Linux Desktop (v. 6)
Red Hat Enterprise Linux HPC Node (v. 6)
Red Hat Enterprise Linux Server (v. 6)
Red Hat Enterprise Linux Server AUS (v. 6.4)
Red Hat Enterprise Linux Server EUS (v. 6.4.z)
Red Hat Enterprise Linux Workstation (v. 6)
CVEs (cve.mitre.org): CVE-2012-3546
CVE-2012-4534
CVE-2012-5885
CVE-2012-5886
CVE-2012-5887

Details

Updated tomcat6 packages that fix multiple security issues are now
available for Red Hat Enterprise Linux 6.

The Red Hat Security Response Team has rated this update as having
important security impact. Common Vulnerability Scoring System (CVSS) base
scores, which give detailed severity ratings, are available for each
vulnerability from the CVE links in the References section.

Apache Tomcat is a servlet container.

It was found that when an application used FORM authentication, along with
another component that calls request.setUserPrincipal() before the call to
FormAuthenticator#authenticate() (such as the Single-Sign-On valve), it was
possible to bypass the security constraint checks in the FORM authenticator
by appending "/j_security_check" to the end of a URL. A remote attacker
with an authenticated session on an affected application could use this
flaw to circumvent authorization controls, and thereby access resources not
permitted by the roles associated with their authenticated session.
(CVE-2012-3546)

A flaw was found in the way Tomcat handled sendfile operations when using
the HTTP NIO (Non-Blocking I/O) connector and HTTPS. A remote attacker
could use this flaw to cause a denial of service (infinite loop). The HTTP
blocking IO (BIO) connector, which is not vulnerable to this issue, is used
by default in Red Hat Enterprise Linux 6. (CVE-2012-4534)

Multiple weaknesses were found in the Tomcat DIGEST authentication
implementation, effectively reducing the security normally provided by
DIGEST authentication. A remote attacker could use these flaws to perform
replay attacks in some circumstances. (CVE-2012-5885, CVE-2012-5886,
CVE-2012-5887)

Users of Tomcat should upgrade to these updated packages, which correct
these issues. Tomcat must be restarted for this update to take effect.


Solution

Before applying this update, make sure all previously-released errata
relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to
use the Red Hat Network to apply this update are available at
https://access.redhat.com/knowledge/articles/11258

Updated packages

Red Hat Enterprise Linux Desktop (v. 6)
SRPMS:
tomcat6-6.0.24-52.el6_4.src.rpm     MD5: 9c4853cf866e11f3dadaace60acaf572
SHA-256: fa0fa1c4f29c0e620ee7b14a3cd63a5c235d775bfa8a51c1420a5ffc4dd215fb
 
IA-32:
tomcat6-6.0.24-52.el6_4.noarch.rpm     MD5: f0d9f47a792ad0c8673e7a4fbe933e2d
SHA-256: 57974a0debcd8a58ed3b056a56fb5f79518b2d165dd464287fd16df5ad073788
tomcat6-admin-webapps-6.0.24-52.el6_4.noarch.rpm     MD5: c668e9d47b08480f351a46103cc2e08f
SHA-256: 9e989c5bbc8f60acd0124a107d1881770fc8368b87fbc283b04e7d7e7a77d824
tomcat6-docs-webapp-6.0.24-52.el6_4.noarch.rpm     MD5: b3d05d096f01b52f85e8951b47e8038a
SHA-256: 3b6882d97a86fd572f31314f0ab81367197df719ea63420419987f8d40165105
tomcat6-el-2.1-api-6.0.24-52.el6_4.noarch.rpm     MD5: e4063873009dd397bb03b3cad2b0c9cf
SHA-256: e619a41a28245bf21ec2c9fc6d39de227d75a1c8865232f2d8ab20ebf81e9273
tomcat6-javadoc-6.0.24-52.el6_4.noarch.rpm     MD5: c9a9c5d96c62d8672e2a14455bfd3025
SHA-256: 8876e3afdfd49f418cb5c51fb1ec9d2bb23811104d9e07f066f62e086d114185
tomcat6-jsp-2.1-api-6.0.24-52.el6_4.noarch.rpm     MD5: 2905626e2a4a30fd6dd60be132c6fb73
SHA-256: 28f7f1933f9723492b306febb916653d9492638907f21aa4dd49e0ad6badaf5d
tomcat6-lib-6.0.24-52.el6_4.noarch.rpm     MD5: f223da544a9e5ab4fb345ff2f28223a0
SHA-256: fff708f86a6be97cd8afea27e934f9f9465e60a613723ecd72686d9ce70a4bc5
tomcat6-servlet-2.5-api-6.0.24-52.el6_4.noarch.rpm     MD5: ce69fc8b090d80f786e2350dc2abe8f0
SHA-256: 20ede1a23474c0e45e7d5bee5ca0da0a5a6563397c15ffdd844be2e632f1288e
tomcat6-webapps-6.0.24-52.el6_4.noarch.rpm     MD5: cb7c232eb57f130f61b17e3b7eefede0
SHA-256: b36a1d4f6be25fd80398a45879e47610cd5d2556a49b68d028edc276a5fde4f1
 
x86_64:
tomcat6-6.0.24-52.el6_4.noarch.rpm     MD5: f0d9f47a792ad0c8673e7a4fbe933e2d
SHA-256: 57974a0debcd8a58ed3b056a56fb5f79518b2d165dd464287fd16df5ad073788
tomcat6-admin-webapps-6.0.24-52.el6_4.noarch.rpm     MD5: c668e9d47b08480f351a46103cc2e08f
SHA-256: 9e989c5bbc8f60acd0124a107d1881770fc8368b87fbc283b04e7d7e7a77d824
tomcat6-docs-webapp-6.0.24-52.el6_4.noarch.rpm     MD5: b3d05d096f01b52f85e8951b47e8038a
SHA-256: 3b6882d97a86fd572f31314f0ab81367197df719ea63420419987f8d40165105
tomcat6-el-2.1-api-6.0.24-52.el6_4.noarch.rpm     MD5: e4063873009dd397bb03b3cad2b0c9cf
SHA-256: e619a41a28245bf21ec2c9fc6d39de227d75a1c8865232f2d8ab20ebf81e9273
tomcat6-javadoc-6.0.24-52.el6_4.noarch.rpm     MD5: c9a9c5d96c62d8672e2a14455bfd3025
SHA-256: 8876e3afdfd49f418cb5c51fb1ec9d2bb23811104d9e07f066f62e086d114185
tomcat6-jsp-2.1-api-6.0.24-52.el6_4.noarch.rpm     MD5: 2905626e2a4a30fd6dd60be132c6fb73
SHA-256: 28f7f1933f9723492b306febb916653d9492638907f21aa4dd49e0ad6badaf5d
tomcat6-lib-6.0.24-52.el6_4.noarch.rpm     MD5: f223da544a9e5ab4fb345ff2f28223a0
SHA-256: fff708f86a6be97cd8afea27e934f9f9465e60a613723ecd72686d9ce70a4bc5
tomcat6-servlet-2.5-api-6.0.24-52.el6_4.noarch.rpm     MD5: ce69fc8b090d80f786e2350dc2abe8f0
SHA-256: 20ede1a23474c0e45e7d5bee5ca0da0a5a6563397c15ffdd844be2e632f1288e
tomcat6-webapps-6.0.24-52.el6_4.noarch.rpm     MD5: cb7c232eb57f130f61b17e3b7eefede0
SHA-256: b36a1d4f6be25fd80398a45879e47610cd5d2556a49b68d028edc276a5fde4f1
 
Red Hat Enterprise Linux HPC Node (v. 6)
SRPMS:
tomcat6-6.0.24-52.el6_4.src.rpm     MD5: 9c4853cf866e11f3dadaace60acaf572
SHA-256: fa0fa1c4f29c0e620ee7b14a3cd63a5c235d775bfa8a51c1420a5ffc4dd215fb
 
x86_64:
tomcat6-6.0.24-52.el6_4.noarch.rpm     MD5: f0d9f47a792ad0c8673e7a4fbe933e2d
SHA-256: 57974a0debcd8a58ed3b056a56fb5f79518b2d165dd464287fd16df5ad073788
tomcat6-admin-webapps-6.0.24-52.el6_4.noarch.rpm     MD5: c668e9d47b08480f351a46103cc2e08f
SHA-256: 9e989c5bbc8f60acd0124a107d1881770fc8368b87fbc283b04e7d7e7a77d824
tomcat6-docs-webapp-6.0.24-52.el6_4.noarch.rpm     MD5: b3d05d096f01b52f85e8951b47e8038a
SHA-256: 3b6882d97a86fd572f31314f0ab81367197df719ea63420419987f8d40165105
tomcat6-el-2.1-api-6.0.24-52.el6_4.noarch.rpm     MD5: e4063873009dd397bb03b3cad2b0c9cf
SHA-256: e619a41a28245bf21ec2c9fc6d39de227d75a1c8865232f2d8ab20ebf81e9273
tomcat6-javadoc-6.0.24-52.el6_4.noarch.rpm     MD5: c9a9c5d96c62d8672e2a14455bfd3025
SHA-256: 8876e3afdfd49f418cb5c51fb1ec9d2bb23811104d9e07f066f62e086d114185
tomcat6-jsp-2.1-api-6.0.24-52.el6_4.noarch.rpm     MD5: 2905626e2a4a30fd6dd60be132c6fb73
SHA-256: 28f7f1933f9723492b306febb916653d9492638907f21aa4dd49e0ad6badaf5d
tomcat6-lib-6.0.24-52.el6_4.noarch.rpm     MD5: f223da544a9e5ab4fb345ff2f28223a0
SHA-256: fff708f86a6be97cd8afea27e934f9f9465e60a613723ecd72686d9ce70a4bc5
tomcat6-servlet-2.5-api-6.0.24-52.el6_4.noarch.rpm     MD5: ce69fc8b090d80f786e2350dc2abe8f0
SHA-256: 20ede1a23474c0e45e7d5bee5ca0da0a5a6563397c15ffdd844be2e632f1288e
tomcat6-webapps-6.0.24-52.el6_4.noarch.rpm     MD5: cb7c232eb57f130f61b17e3b7eefede0
SHA-256: b36a1d4f6be25fd80398a45879e47610cd5d2556a49b68d028edc276a5fde4f1
 
Red Hat Enterprise Linux Server (v. 6)
SRPMS:
tomcat6-6.0.24-52.el6_4.src.rpm     MD5: 9c4853cf866e11f3dadaace60acaf572
SHA-256: fa0fa1c4f29c0e620ee7b14a3cd63a5c235d775bfa8a51c1420a5ffc4dd215fb
 
IA-32:
tomcat6-6.0.24-52.el6_4.noarch.rpm     MD5: f0d9f47a792ad0c8673e7a4fbe933e2d
SHA-256: 57974a0debcd8a58ed3b056a56fb5f79518b2d165dd464287fd16df5ad073788
tomcat6-admin-webapps-6.0.24-52.el6_4.noarch.rpm     MD5: c668e9d47b08480f351a46103cc2e08f
SHA-256: 9e989c5bbc8f60acd0124a107d1881770fc8368b87fbc283b04e7d7e7a77d824
tomcat6-docs-webapp-6.0.24-52.el6_4.noarch.rpm     MD5: b3d05d096f01b52f85e8951b47e8038a
SHA-256: 3b6882d97a86fd572f31314f0ab81367197df719ea63420419987f8d40165105
tomcat6-el-2.1-api-6.0.24-52.el6_4.noarch.rpm     MD5: e4063873009dd397bb03b3cad2b0c9cf
SHA-256: e619a41a28245bf21ec2c9fc6d39de227d75a1c8865232f2d8ab20ebf81e9273
tomcat6-javadoc-6.0.24-52.el6_4.noarch.rpm     MD5: c9a9c5d96c62d8672e2a14455bfd3025
SHA-256: 8876e3afdfd49f418cb5c51fb1ec9d2bb23811104d9e07f066f62e086d114185
tomcat6-jsp-2.1-api-6.0.24-52.el6_4.noarch.rpm     MD5: 2905626e2a4a30fd6dd60be132c6fb73
SHA-256: 28f7f1933f9723492b306febb916653d9492638907f21aa4dd49e0ad6badaf5d
tomcat6-lib-6.0.24-52.el6_4.noarch.rpm     MD5: f223da544a9e5ab4fb345ff2f28223a0
SHA-256: fff708f86a6be97cd8afea27e934f9f9465e60a613723ecd72686d9ce70a4bc5
tomcat6-servlet-2.5-api-6.0.24-52.el6_4.noarch.rpm     MD5: ce69fc8b090d80f786e2350dc2abe8f0
SHA-256: 20ede1a23474c0e45e7d5bee5ca0da0a5a6563397c15ffdd844be2e632f1288e
tomcat6-webapps-6.0.24-52.el6_4.noarch.rpm     MD5: cb7c232eb57f130f61b17e3b7eefede0
SHA-256: b36a1d4f6be25fd80398a45879e47610cd5d2556a49b68d028edc276a5fde4f1
 
PPC:
tomcat6-6.0.24-52.el6_4.noarch.rpm     MD5: f0d9f47a792ad0c8673e7a4fbe933e2d
SHA-256: 57974a0debcd8a58ed3b056a56fb5f79518b2d165dd464287fd16df5ad073788
tomcat6-admin-webapps-6.0.24-52.el6_4.noarch.rpm     MD5: c668e9d47b08480f351a46103cc2e08f
SHA-256: 9e989c5bbc8f60acd0124a107d1881770fc8368b87fbc283b04e7d7e7a77d824
tomcat6-docs-webapp-6.0.24-52.el6_4.noarch.rpm     MD5: b3d05d096f01b52f85e8951b47e8038a
SHA-256: 3b6882d97a86fd572f31314f0ab81367197df719ea63420419987f8d40165105
tomcat6-el-2.1-api-6.0.24-52.el6_4.noarch.rpm     MD5: e4063873009dd397bb03b3cad2b0c9cf
SHA-256: e619a41a28245bf21ec2c9fc6d39de227d75a1c8865232f2d8ab20ebf81e9273
tomcat6-javadoc-6.0.24-52.el6_4.noarch.rpm     MD5: c9a9c5d96c62d8672e2a14455bfd3025
SHA-256: 8876e3afdfd49f418cb5c51fb1ec9d2bb23811104d9e07f066f62e086d114185
tomcat6-jsp-2.1-api-6.0.24-52.el6_4.noarch.rpm     MD5: 2905626e2a4a30fd6dd60be132c6fb73
SHA-256: 28f7f1933f9723492b306febb916653d9492638907f21aa4dd49e0ad6badaf5d
tomcat6-lib-6.0.24-52.el6_4.noarch.rpm     MD5: f223da544a9e5ab4fb345ff2f28223a0
SHA-256: fff708f86a6be97cd8afea27e934f9f9465e60a613723ecd72686d9ce70a4bc5
tomcat6-servlet-2.5-api-6.0.24-52.el6_4.noarch.rpm     MD5: ce69fc8b090d80f786e2350dc2abe8f0
SHA-256: 20ede1a23474c0e45e7d5bee5ca0da0a5a6563397c15ffdd844be2e632f1288e
tomcat6-webapps-6.0.24-52.el6_4.noarch.rpm     MD5: cb7c232eb57f130f61b17e3b7eefede0
SHA-256: b36a1d4f6be25fd80398a45879e47610cd5d2556a49b68d028edc276a5fde4f1
 
s390x:
tomcat6-6.0.24-52.el6_4.noarch.rpm     MD5: f0d9f47a792ad0c8673e7a4fbe933e2d
SHA-256: 57974a0debcd8a58ed3b056a56fb5f79518b2d165dd464287fd16df5ad073788
tomcat6-admin-webapps-6.0.24-52.el6_4.noarch.rpm     MD5: c668e9d47b08480f351a46103cc2e08f
SHA-256: 9e989c5bbc8f60acd0124a107d1881770fc8368b87fbc283b04e7d7e7a77d824
tomcat6-docs-webapp-6.0.24-52.el6_4.noarch.rpm     MD5: b3d05d096f01b52f85e8951b47e8038a
SHA-256: 3b6882d97a86fd572f31314f0ab81367197df719ea63420419987f8d40165105
tomcat6-el-2.1-api-6.0.24-52.el6_4.noarch.rpm     MD5: e4063873009dd397bb03b3cad2b0c9cf
SHA-256: e619a41a28245bf21ec2c9fc6d39de227d75a1c8865232f2d8ab20ebf81e9273
tomcat6-javadoc-6.0.24-52.el6_4.noarch.rpm     MD5: c9a9c5d96c62d8672e2a14455bfd3025
SHA-256: 8876e3afdfd49f418cb5c51fb1ec9d2bb23811104d9e07f066f62e086d114185
tomcat6-jsp-2.1-api-6.0.24-52.el6_4.noarch.rpm     MD5: 2905626e2a4a30fd6dd60be132c6fb73
SHA-256: 28f7f1933f9723492b306febb916653d9492638907f21aa4dd49e0ad6badaf5d
tomcat6-lib-6.0.24-52.el6_4.noarch.rpm     MD5: f223da544a9e5ab4fb345ff2f28223a0
SHA-256: fff708f86a6be97cd8afea27e934f9f9465e60a613723ecd72686d9ce70a4bc5
tomcat6-servlet-2.5-api-6.0.24-52.el6_4.noarch.rpm     MD5: ce69fc8b090d80f786e2350dc2abe8f0
SHA-256: 20ede1a23474c0e45e7d5bee5ca0da0a5a6563397c15ffdd844be2e632f1288e
tomcat6-webapps-6.0.24-52.el6_4.noarch.rpm     MD5: cb7c232eb57f130f61b17e3b7eefede0
SHA-256: b36a1d4f6be25fd80398a45879e47610cd5d2556a49b68d028edc276a5fde4f1
 
x86_64:
tomcat6-6.0.24-52.el6_4.noarch.rpm     MD5: f0d9f47a792ad0c8673e7a4fbe933e2d
SHA-256: 57974a0debcd8a58ed3b056a56fb5f79518b2d165dd464287fd16df5ad073788
tomcat6-admin-webapps-6.0.24-52.el6_4.noarch.rpm     MD5: c668e9d47b08480f351a46103cc2e08f
SHA-256: 9e989c5bbc8f60acd0124a107d1881770fc8368b87fbc283b04e7d7e7a77d824
tomcat6-docs-webapp-6.0.24-52.el6_4.noarch.rpm     MD5: b3d05d096f01b52f85e8951b47e8038a
SHA-256: 3b6882d97a86fd572f31314f0ab81367197df719ea63420419987f8d40165105
tomcat6-el-2.1-api-6.0.24-52.el6_4.noarch.rpm     MD5: e4063873009dd397bb03b3cad2b0c9cf
SHA-256: e619a41a28245bf21ec2c9fc6d39de227d75a1c8865232f2d8ab20ebf81e9273
tomcat6-javadoc-6.0.24-52.el6_4.noarch.rpm     MD5: c9a9c5d96c62d8672e2a14455bfd3025
SHA-256: 8876e3afdfd49f418cb5c51fb1ec9d2bb23811104d9e07f066f62e086d114185
tomcat6-jsp-2.1-api-6.0.24-52.el6_4.noarch.rpm     MD5: 2905626e2a4a30fd6dd60be132c6fb73
SHA-256: 28f7f1933f9723492b306febb916653d9492638907f21aa4dd49e0ad6badaf5d
tomcat6-lib-6.0.24-52.el6_4.noarch.rpm     MD5: f223da544a9e5ab4fb345ff2f28223a0
SHA-256: fff708f86a6be97cd8afea27e934f9f9465e60a613723ecd72686d9ce70a4bc5
tomcat6-servlet-2.5-api-6.0.24-52.el6_4.noarch.rpm     MD5: ce69fc8b090d80f786e2350dc2abe8f0
SHA-256: 20ede1a23474c0e45e7d5bee5ca0da0a5a6563397c15ffdd844be2e632f1288e
tomcat6-webapps-6.0.24-52.el6_4.noarch.rpm     MD5: cb7c232eb57f130f61b17e3b7eefede0
SHA-256: b36a1d4f6be25fd80398a45879e47610cd5d2556a49b68d028edc276a5fde4f1
 
Red Hat Enterprise Linux Server AUS (v. 6.4)
SRPMS:
tomcat6-6.0.24-52.el6_4.src.rpm     MD5: 9c4853cf866e11f3dadaace60acaf572
SHA-256: fa0fa1c4f29c0e620ee7b14a3cd63a5c235d775bfa8a51c1420a5ffc4dd215fb
 
IA-32:
tomcat6-6.0.24-52.el6_4.noarch.rpm     MD5: f0d9f47a792ad0c8673e7a4fbe933e2d
SHA-256: 57974a0debcd8a58ed3b056a56fb5f79518b2d165dd464287fd16df5ad073788
tomcat6-admin-webapps-6.0.24-52.el6_4.noarch.rpm     MD5: c668e9d47b08480f351a46103cc2e08f
SHA-256: 9e989c5bbc8f60acd0124a107d1881770fc8368b87fbc283b04e7d7e7a77d824
tomcat6-docs-webapp-6.0.24-52.el6_4.noarch.rpm     MD5: b3d05d096f01b52f85e8951b47e8038a
SHA-256: 3b6882d97a86fd572f31314f0ab81367197df719ea63420419987f8d40165105
tomcat6-el-2.1-api-6.0.24-52.el6_4.noarch.rpm     MD5: e4063873009dd397bb03b3cad2b0c9cf
SHA-256: e619a41a28245bf21ec2c9fc6d39de227d75a1c8865232f2d8ab20ebf81e9273
tomcat6-javadoc-6.0.24-52.el6_4.noarch.rpm     MD5: c9a9c5d96c62d8672e2a14455bfd3025
SHA-256: 8876e3afdfd49f418cb5c51fb1ec9d2bb23811104d9e07f066f62e086d114185
tomcat6-jsp-2.1-api-6.0.24-52.el6_4.noarch.rpm     MD5: 2905626e2a4a30fd6dd60be132c6fb73
SHA-256: 28f7f1933f9723492b306febb916653d9492638907f21aa4dd49e0ad6badaf5d
tomcat6-lib-6.0.24-52.el6_4.noarch.rpm     MD5: f223da544a9e5ab4fb345ff2f28223a0
SHA-256: fff708f86a6be97cd8afea27e934f9f9465e60a613723ecd72686d9ce70a4bc5
tomcat6-servlet-2.5-api-6.0.24-52.el6_4.noarch.rpm     MD5: ce69fc8b090d80f786e2350dc2abe8f0
SHA-256: 20ede1a23474c0e45e7d5bee5ca0da0a5a6563397c15ffdd844be2e632f1288e
tomcat6-webapps-6.0.24-52.el6_4.noarch.rpm     MD5: cb7c232eb57f130f61b17e3b7eefede0
SHA-256: b36a1d4f6be25fd80398a45879e47610cd5d2556a49b68d028edc276a5fde4f1
 
x86_64:
tomcat6-6.0.24-52.el6_4.noarch.rpm     MD5: f0d9f47a792ad0c8673e7a4fbe933e2d
SHA-256: 57974a0debcd8a58ed3b056a56fb5f79518b2d165dd464287fd16df5ad073788
tomcat6-admin-webapps-6.0.24-52.el6_4.noarch.rpm     MD5: c668e9d47b08480f351a46103cc2e08f
SHA-256: 9e989c5bbc8f60acd0124a107d1881770fc8368b87fbc283b04e7d7e7a77d824
tomcat6-docs-webapp-6.0.24-52.el6_4.noarch.rpm     MD5: b3d05d096f01b52f85e8951b47e8038a
SHA-256: 3b6882d97a86fd572f31314f0ab81367197df719ea63420419987f8d40165105
tomcat6-el-2.1-api-6.0.24-52.el6_4.noarch.rpm     MD5: e4063873009dd397bb03b3cad2b0c9cf
SHA-256: e619a41a28245bf21ec2c9fc6d39de227d75a1c8865232f2d8ab20ebf81e9273
tomcat6-javadoc-6.0.24-52.el6_4.noarch.rpm     MD5: c9a9c5d96c62d8672e2a14455bfd3025
SHA-256: 8876e3afdfd49f418cb5c51fb1ec9d2bb23811104d9e07f066f62e086d114185
tomcat6-jsp-2.1-api-6.0.24-52.el6_4.noarch.rpm     MD5: 2905626e2a4a30fd6dd60be132c6fb73
SHA-256: 28f7f1933f9723492b306febb916653d9492638907f21aa4dd49e0ad6badaf5d
tomcat6-lib-6.0.24-52.el6_4.noarch.rpm     MD5: f223da544a9e5ab4fb345ff2f28223a0
SHA-256: fff708f86a6be97cd8afea27e934f9f9465e60a613723ecd72686d9ce70a4bc5
tomcat6-servlet-2.5-api-6.0.24-52.el6_4.noarch.rpm     MD5: ce69fc8b090d80f786e2350dc2abe8f0
SHA-256: 20ede1a23474c0e45e7d5bee5ca0da0a5a6563397c15ffdd844be2e632f1288e
tomcat6-webapps-6.0.24-52.el6_4.noarch.rpm     MD5: cb7c232eb57f130f61b17e3b7eefede0
SHA-256: b36a1d4f6be25fd80398a45879e47610cd5d2556a49b68d028edc276a5fde4f1
 
Red Hat Enterprise Linux Server EUS (v. 6.4.z)
SRPMS:
tomcat6-6.0.24-52.el6_4.src.rpm     MD5: 9c4853cf866e11f3dadaace60acaf572
SHA-256: fa0fa1c4f29c0e620ee7b14a3cd63a5c235d775bfa8a51c1420a5ffc4dd215fb
 
IA-32:
tomcat6-6.0.24-52.el6_4.noarch.rpm     MD5: f0d9f47a792ad0c8673e7a4fbe933e2d
SHA-256: 57974a0debcd8a58ed3b056a56fb5f79518b2d165dd464287fd16df5ad073788
tomcat6-admin-webapps-6.0.24-52.el6_4.noarch.rpm     MD5: c668e9d47b08480f351a46103cc2e08f
SHA-256: 9e989c5bbc8f60acd0124a107d1881770fc8368b87fbc283b04e7d7e7a77d824
tomcat6-docs-webapp-6.0.24-52.el6_4.noarch.rpm     MD5: b3d05d096f01b52f85e8951b47e8038a
SHA-256: 3b6882d97a86fd572f31314f0ab81367197df719ea63420419987f8d40165105
tomcat6-el-2.1-api-6.0.24-52.el6_4.noarch.rpm     MD5: e4063873009dd397bb03b3cad2b0c9cf
SHA-256: e619a41a28245bf21ec2c9fc6d39de227d75a1c8865232f2d8ab20ebf81e9273
tomcat6-javadoc-6.0.24-52.el6_4.noarch.rpm     MD5: c9a9c5d96c62d8672e2a14455bfd3025
SHA-256: 8876e3afdfd49f418cb5c51fb1ec9d2bb23811104d9e07f066f62e086d114185
tomcat6-jsp-2.1-api-6.0.24-52.el6_4.noarch.rpm     MD5: 2905626e2a4a30fd6dd60be132c6fb73
SHA-256: 28f7f1933f9723492b306febb916653d9492638907f21aa4dd49e0ad6badaf5d
tomcat6-lib-6.0.24-52.el6_4.noarch.rpm     MD5: f223da544a9e5ab4fb345ff2f28223a0
SHA-256: fff708f86a6be97cd8afea27e934f9f9465e60a613723ecd72686d9ce70a4bc5
tomcat6-servlet-2.5-api-6.0.24-52.el6_4.noarch.rpm     MD5: ce69fc8b090d80f786e2350dc2abe8f0
SHA-256: 20ede1a23474c0e45e7d5bee5ca0da0a5a6563397c15ffdd844be2e632f1288e
tomcat6-webapps-6.0.24-52.el6_4.noarch.rpm     MD5: cb7c232eb57f130f61b17e3b7eefede0
SHA-256: b36a1d4f6be25fd80398a45879e47610cd5d2556a49b68d028edc276a5fde4f1
 
PPC:
tomcat6-6.0.24-52.el6_4.noarch.rpm     MD5: f0d9f47a792ad0c8673e7a4fbe933e2d
SHA-256: 57974a0debcd8a58ed3b056a56fb5f79518b2d165dd464287fd16df5ad073788
tomcat6-admin-webapps-6.0.24-52.el6_4.noarch.rpm     MD5: c668e9d47b08480f351a46103cc2e08f
SHA-256: 9e989c5bbc8f60acd0124a107d1881770fc8368b87fbc283b04e7d7e7a77d824
tomcat6-docs-webapp-6.0.24-52.el6_4.noarch.rpm     MD5: b3d05d096f01b52f85e8951b47e8038a
SHA-256: 3b6882d97a86fd572f31314f0ab81367197df719ea63420419987f8d40165105
tomcat6-el-2.1-api-6.0.24-52.el6_4.noarch.rpm     MD5: e4063873009dd397bb03b3cad2b0c9cf
SHA-256: e619a41a28245bf21ec2c9fc6d39de227d75a1c8865232f2d8ab20ebf81e9273
tomcat6-javadoc-6.0.24-52.el6_4.noarch.rpm     MD5: c9a9c5d96c62d8672e2a14455bfd3025
SHA-256: 8876e3afdfd49f418cb5c51fb1ec9d2bb23811104d9e07f066f62e086d114185
tomcat6-jsp-2.1-api-6.0.24-52.el6_4.noarch.rpm     MD5: 2905626e2a4a30fd6dd60be132c6fb73
SHA-256: 28f7f1933f9723492b306febb916653d9492638907f21aa4dd49e0ad6badaf5d
tomcat6-lib-6.0.24-52.el6_4.noarch.rpm     MD5: f223da544a9e5ab4fb345ff2f28223a0
SHA-256: fff708f86a6be97cd8afea27e934f9f9465e60a613723ecd72686d9ce70a4bc5
tomcat6-servlet-2.5-api-6.0.24-52.el6_4.noarch.rpm     MD5: ce69fc8b090d80f786e2350dc2abe8f0
SHA-256: 20ede1a23474c0e45e7d5bee5ca0da0a5a6563397c15ffdd844be2e632f1288e
tomcat6-webapps-6.0.24-52.el6_4.noarch.rpm     MD5: cb7c232eb57f130f61b17e3b7eefede0
SHA-256: b36a1d4f6be25fd80398a45879e47610cd5d2556a49b68d028edc276a5fde4f1
 
s390x:
tomcat6-6.0.24-52.el6_4.noarch.rpm     MD5: f0d9f47a792ad0c8673e7a4fbe933e2d
SHA-256: 57974a0debcd8a58ed3b056a56fb5f79518b2d165dd464287fd16df5ad073788
tomcat6-admin-webapps-6.0.24-52.el6_4.noarch.rpm     MD5: c668e9d47b08480f351a46103cc2e08f
SHA-256: 9e989c5bbc8f60acd0124a107d1881770fc8368b87fbc283b04e7d7e7a77d824
tomcat6-docs-webapp-6.0.24-52.el6_4.noarch.rpm     MD5: b3d05d096f01b52f85e8951b47e8038a
SHA-256: 3b6882d97a86fd572f31314f0ab81367197df719ea63420419987f8d40165105
tomcat6-el-2.1-api-6.0.24-52.el6_4.noarch.rpm     MD5: e4063873009dd397bb03b3cad2b0c9cf
SHA-256: e619a41a28245bf21ec2c9fc6d39de227d75a1c8865232f2d8ab20ebf81e9273
tomcat6-javadoc-6.0.24-52.el6_4.noarch.rpm     MD5: c9a9c5d96c62d8672e2a14455bfd3025
SHA-256: 8876e3afdfd49f418cb5c51fb1ec9d2bb23811104d9e07f066f62e086d114185
tomcat6-jsp-2.1-api-6.0.24-52.el6_4.noarch.rpm     MD5: 2905626e2a4a30fd6dd60be132c6fb73
SHA-256: 28f7f1933f9723492b306febb916653d9492638907f21aa4dd49e0ad6badaf5d
tomcat6-lib-6.0.24-52.el6_4.noarch.rpm     MD5: f223da544a9e5ab4fb345ff2f28223a0
SHA-256: fff708f86a6be97cd8afea27e934f9f9465e60a613723ecd72686d9ce70a4bc5
tomcat6-servlet-2.5-api-6.0.24-52.el6_4.noarch.rpm     MD5: ce69fc8b090d80f786e2350dc2abe8f0
SHA-256: 20ede1a23474c0e45e7d5bee5ca0da0a5a6563397c15ffdd844be2e632f1288e
tomcat6-webapps-6.0.24-52.el6_4.noarch.rpm     MD5: cb7c232eb57f130f61b17e3b7eefede0
SHA-256: b36a1d4f6be25fd80398a45879e47610cd5d2556a49b68d028edc276a5fde4f1
 
x86_64:
tomcat6-6.0.24-52.el6_4.noarch.rpm     MD5: f0d9f47a792ad0c8673e7a4fbe933e2d
SHA-256: 57974a0debcd8a58ed3b056a56fb5f79518b2d165dd464287fd16df5ad073788
tomcat6-admin-webapps-6.0.24-52.el6_4.noarch.rpm     MD5: c668e9d47b08480f351a46103cc2e08f
SHA-256: 9e989c5bbc8f60acd0124a107d1881770fc8368b87fbc283b04e7d7e7a77d824
tomcat6-docs-webapp-6.0.24-52.el6_4.noarch.rpm     MD5: b3d05d096f01b52f85e8951b47e8038a
SHA-256: 3b6882d97a86fd572f31314f0ab81367197df719ea63420419987f8d40165105
tomcat6-el-2.1-api-6.0.24-52.el6_4.noarch.rpm     MD5: e4063873009dd397bb03b3cad2b0c9cf
SHA-256: e619a41a28245bf21ec2c9fc6d39de227d75a1c8865232f2d8ab20ebf81e9273
tomcat6-javadoc-6.0.24-52.el6_4.noarch.rpm     MD5: c9a9c5d96c62d8672e2a14455bfd3025
SHA-256: 8876e3afdfd49f418cb5c51fb1ec9d2bb23811104d9e07f066f62e086d114185
tomcat6-jsp-2.1-api-6.0.24-52.el6_4.noarch.rpm     MD5: 2905626e2a4a30fd6dd60be132c6fb73
SHA-256: 28f7f1933f9723492b306febb916653d9492638907f21aa4dd49e0ad6badaf5d
tomcat6-lib-6.0.24-52.el6_4.noarch.rpm     MD5: f223da544a9e5ab4fb345ff2f28223a0
SHA-256: fff708f86a6be97cd8afea27e934f9f9465e60a613723ecd72686d9ce70a4bc5
tomcat6-servlet-2.5-api-6.0.24-52.el6_4.noarch.rpm     MD5: ce69fc8b090d80f786e2350dc2abe8f0
SHA-256: 20ede1a23474c0e45e7d5bee5ca0da0a5a6563397c15ffdd844be2e632f1288e
tomcat6-webapps-6.0.24-52.el6_4.noarch.rpm     MD5: cb7c232eb57f130f61b17e3b7eefede0
SHA-256: b36a1d4f6be25fd80398a45879e47610cd5d2556a49b68d028edc276a5fde4f1
 
Red Hat Enterprise Linux Workstation (v. 6)
SRPMS:
tomcat6-6.0.24-52.el6_4.src.rpm     MD5: 9c4853cf866e11f3dadaace60acaf572
SHA-256: fa0fa1c4f29c0e620ee7b14a3cd63a5c235d775bfa8a51c1420a5ffc4dd215fb
 
IA-32:
tomcat6-6.0.24-52.el6_4.noarch.rpm     MD5: f0d9f47a792ad0c8673e7a4fbe933e2d
SHA-256: 57974a0debcd8a58ed3b056a56fb5f79518b2d165dd464287fd16df5ad073788
tomcat6-admin-webapps-6.0.24-52.el6_4.noarch.rpm     MD5: c668e9d47b08480f351a46103cc2e08f
SHA-256: 9e989c5bbc8f60acd0124a107d1881770fc8368b87fbc283b04e7d7e7a77d824
tomcat6-docs-webapp-6.0.24-52.el6_4.noarch.rpm     MD5: b3d05d096f01b52f85e8951b47e8038a
SHA-256: 3b6882d97a86fd572f31314f0ab81367197df719ea63420419987f8d40165105
tomcat6-el-2.1-api-6.0.24-52.el6_4.noarch.rpm     MD5: e4063873009dd397bb03b3cad2b0c9cf
SHA-256: e619a41a28245bf21ec2c9fc6d39de227d75a1c8865232f2d8ab20ebf81e9273
tomcat6-javadoc-6.0.24-52.el6_4.noarch.rpm     MD5: c9a9c5d96c62d8672e2a14455bfd3025
SHA-256: 8876e3afdfd49f418cb5c51fb1ec9d2bb23811104d9e07f066f62e086d114185
tomcat6-jsp-2.1-api-6.0.24-52.el6_4.noarch.rpm     MD5: 2905626e2a4a30fd6dd60be132c6fb73
SHA-256: 28f7f1933f9723492b306febb916653d9492638907f21aa4dd49e0ad6badaf5d
tomcat6-lib-6.0.24-52.el6_4.noarch.rpm     MD5: f223da544a9e5ab4fb345ff2f28223a0
SHA-256: fff708f86a6be97cd8afea27e934f9f9465e60a613723ecd72686d9ce70a4bc5
tomcat6-servlet-2.5-api-6.0.24-52.el6_4.noarch.rpm     MD5: ce69fc8b090d80f786e2350dc2abe8f0
SHA-256: 20ede1a23474c0e45e7d5bee5ca0da0a5a6563397c15ffdd844be2e632f1288e
tomcat6-webapps-6.0.24-52.el6_4.noarch.rpm     MD5: cb7c232eb57f130f61b17e3b7eefede0
SHA-256: b36a1d4f6be25fd80398a45879e47610cd5d2556a49b68d028edc276a5fde4f1
 
x86_64:
tomcat6-6.0.24-52.el6_4.noarch.rpm     MD5: f0d9f47a792ad0c8673e7a4fbe933e2d
SHA-256: 57974a0debcd8a58ed3b056a56fb5f79518b2d165dd464287fd16df5ad073788
tomcat6-admin-webapps-6.0.24-52.el6_4.noarch.rpm     MD5: c668e9d47b08480f351a46103cc2e08f
SHA-256: 9e989c5bbc8f60acd0124a107d1881770fc8368b87fbc283b04e7d7e7a77d824
tomcat6-docs-webapp-6.0.24-52.el6_4.noarch.rpm     MD5: b3d05d096f01b52f85e8951b47e8038a
SHA-256: 3b6882d97a86fd572f31314f0ab81367197df719ea63420419987f8d40165105
tomcat6-el-2.1-api-6.0.24-52.el6_4.noarch.rpm     MD5: e4063873009dd397bb03b3cad2b0c9cf
SHA-256: e619a41a28245bf21ec2c9fc6d39de227d75a1c8865232f2d8ab20ebf81e9273
tomcat6-javadoc-6.0.24-52.el6_4.noarch.rpm     MD5: c9a9c5d96c62d8672e2a14455bfd3025
SHA-256: 8876e3afdfd49f418cb5c51fb1ec9d2bb23811104d9e07f066f62e086d114185
tomcat6-jsp-2.1-api-6.0.24-52.el6_4.noarch.rpm     MD5: 2905626e2a4a30fd6dd60be132c6fb73
SHA-256: 28f7f1933f9723492b306febb916653d9492638907f21aa4dd49e0ad6badaf5d
tomcat6-lib-6.0.24-52.el6_4.noarch.rpm     MD5: f223da544a9e5ab4fb345ff2f28223a0
SHA-256: fff708f86a6be97cd8afea27e934f9f9465e60a613723ecd72686d9ce70a4bc5
tomcat6-servlet-2.5-api-6.0.24-52.el6_4.noarch.rpm     MD5: ce69fc8b090d80f786e2350dc2abe8f0
SHA-256: 20ede1a23474c0e45e7d5bee5ca0da0a5a6563397c15ffdd844be2e632f1288e
tomcat6-webapps-6.0.24-52.el6_4.noarch.rpm     MD5: cb7c232eb57f130f61b17e3b7eefede0
SHA-256: b36a1d4f6be25fd80398a45879e47610cd5d2556a49b68d028edc276a5fde4f1
 
(The unlinked packages above are only available from the Red Hat Network)

Bugs fixed (see bugzilla for more information)

873664 - CVE-2012-5885 CVE-2012-5886 CVE-2012-5887 tomcat: three DIGEST authentication implementation issues
883634 - CVE-2012-3546 Tomcat/JBoss Web: Bypass of security constraints
883637 - CVE-2012-4534 Tomcat - Denial Of Service when using NIO+SSL+sendfile


References

https://www.redhat.com/security/data/cve/CVE-2012-3546.html
https://www.redhat.com/security/data/cve/CVE-2012-4534.html
https://www.redhat.com/security/data/cve/CVE-2012-5885.html
https://www.redhat.com/security/data/cve/CVE-2012-5886.html
https://www.redhat.com/security/data/cve/CVE-2012-5887.html
https://access.redhat.com/security/updates/classification/#important
http://tomcat.apache.org/security-6.html

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from:
https://www.redhat.com/security/team/key/#package

The Red Hat security contact is secalert@redhat.com. More contact details at http://www.redhat.com/security/team/contact/