Skip to navigation

Security Advisory Moderate: tomcat5 security update

Advisory: RHSA-2012:0474-3
Type: Security Advisory
Severity: Moderate
Issued on: 2012-04-11
Last updated on: 2012-04-11
Affected Products: RHEL Desktop Workstation (v. 5 client)
Red Hat Enterprise Linux (v. 5 server)
Red Hat Enterprise Linux Desktop (v. 5 client)
CVEs (cve.mitre.org): CVE-2011-4858
CVE-2012-0022

Details

Updated tomcat5 packages that fix two security issues are now available for
Red Hat Enterprise Linux 5.

The Red Hat Security Response Team has rated this update as having moderate
security impact. Common Vulnerability Scoring System (CVSS) base scores,
which give detailed severity ratings, are available for each vulnerability
from the CVE links in the References section.

Apache Tomcat is a servlet container for the Java Servlet and JavaServer
Pages (JSP) technologies.

It was found that the Java hashCode() method implementation was susceptible
to predictable hash collisions. A remote attacker could use this flaw to
cause Tomcat to use an excessive amount of CPU time by sending an HTTP
request with a large number of parameters whose names map to the same hash
value. This update introduces a limit on the number of parameters processed
per request to mitigate this issue. The default limit is 512 for
parameters and 128 for headers. These defaults can be changed by setting
the org.apache.tomcat.util.http.Parameters.MAX_COUNT and
org.apache.tomcat.util.http.MimeHeaders.MAX_COUNT system properties.
(CVE-2011-4858)

It was found that Tomcat did not handle large numbers of parameters and
large parameter values efficiently. A remote attacker could make Tomcat
use an excessive amount of CPU time by sending an HTTP request containing a
large number of parameters or large parameter values. This update
introduces limits on the number of parameters and headers processed per
request to address this issue. Refer to the CVE-2011-4858 description for
information about the org.apache.tomcat.util.http.Parameters.MAX_COUNT and
org.apache.tomcat.util.http.MimeHeaders.MAX_COUNT system properties.
(CVE-2012-0022)

Red Hat would like to thank oCERT for reporting CVE-2011-4858. oCERT
acknowledges Julian Wälde and Alexander Klink as the original reporters of
CVE-2011-4858.

Users of Tomcat should upgrade to these updated packages, which correct
these issues. Tomcat must be restarted for this update to take effect.


Solution

Before applying this update, make sure all previously-released errata
relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to
use the Red Hat Network to apply this update are available at
https://access.redhat.com/kb/docs/DOC-11259

Updated packages

RHEL Desktop Workstation (v. 5 client)

SRPMS:
tomcat5-5.5.23-0jpp.31.el5_8.src.rpm
File outdated by:  RHSA-2013:0870
    MD5: 176ddc8e8079f2cb4e562bf702521e8c
SHA-256: 86a2680d24dbfc63ab3db3f5d0c9941bf2cad974b9356277a331b73406ffc911
 
IA-32:
tomcat5-5.5.23-0jpp.31.el5_8.i386.rpm
File outdated by:  RHSA-2013:0870
    MD5: 1c55b69cc725aaee68f79f8eb82c0e90
SHA-256: 670d2d548db981ec8fda47d65a626f8b4cae74be137f5ae394ae963abfc02dca
tomcat5-admin-webapps-5.5.23-0jpp.31.el5_8.i386.rpm
File outdated by:  RHSA-2013:0870
    MD5: 2426ab15803a7d9f3ac755f77405f851
SHA-256: 15a0870db53b29d856a20a3816efecd1ab085dd0ffd1e1aa9605cf52a80f4f22
tomcat5-common-lib-5.5.23-0jpp.31.el5_8.i386.rpm
File outdated by:  RHSA-2013:0870
    MD5: 53818818652b0e7392cb9cccf3569f93
SHA-256: 0ec43df7c3efb7c9c60aea0f6f415d5fcc221225a9cc5ff38a65c64f2706c918
tomcat5-jasper-5.5.23-0jpp.31.el5_8.i386.rpm
File outdated by:  RHSA-2013:0870
    MD5: 03f1a06905fcd4024231eff685fd016d
SHA-256: 2af1d897e8e2f6fa8eab07b15f48a87851895f41c82ad9acb14abd11b2ef310a
tomcat5-jasper-javadoc-5.5.23-0jpp.31.el5_8.i386.rpm
File outdated by:  RHSA-2013:0870
    MD5: 89c49ad0d73ab3acb30f31d7469c7121
SHA-256: 3c326acef3b898ba9dee5e81477718cbf86dd052caa670e8a8d818cde92c9dff
tomcat5-jsp-2.0-api-javadoc-5.5.23-0jpp.31.el5_8.i386.rpm
File outdated by:  RHSA-2013:0870
    MD5: 25fa2d3e3ebcfd0080efcda0d3af69ac
SHA-256: 5dd010b028e10b720f602571c30f45512472c143425b416eaf12626eac5de9c6
tomcat5-server-lib-5.5.23-0jpp.31.el5_8.i386.rpm
File outdated by:  RHSA-2013:0870
    MD5: 8f34b868dc2dfb572512a3d6f12031ff
SHA-256: 240d258dcb2f72ca533e82f416bac674f60ef500ba329338dd89f087e0a56dc7
tomcat5-servlet-2.4-api-javadoc-5.5.23-0jpp.31.el5_8.i386.rpm
File outdated by:  RHSA-2013:0870
    MD5: 9599dce9fe4d39add6835fed99d9de78
SHA-256: 83a291a9c72a400b8dd16cf90f14f9322dca531675dd457f5e90556e93ad417b
tomcat5-webapps-5.5.23-0jpp.31.el5_8.i386.rpm
File outdated by:  RHSA-2013:0870
    MD5: 2e75f7b1f739e8ab3ae7288ee57a06c5
SHA-256: ccba45766fe82637c05c4cf28260103c3d4515c861bb20229f89f96671f8c56e
 
x86_64:
tomcat5-5.5.23-0jpp.31.el5_8.x86_64.rpm
File outdated by:  RHSA-2013:0870
    MD5: 26c9f393cb98e0f7b6b0496e3ef1eaa5
SHA-256: 4ac58660d9c21608e71dc88d4c06489b7b5ce5060bd6ef4e57847995c0a7966b
tomcat5-admin-webapps-5.5.23-0jpp.31.el5_8.x86_64.rpm
File outdated by:  RHSA-2013:0870
    MD5: ffe31890075da21e6ff0a3d84627c2f7
SHA-256: 045731b612de60ae7479a4bb576292b71add3f3bd269c98e09a28c2ddffa1522
tomcat5-common-lib-5.5.23-0jpp.31.el5_8.x86_64.rpm
File outdated by:  RHSA-2013:0870
    MD5: e4fd362fd8645b82059ad776c325a343
SHA-256: dc427e7789ee5e0cefaa10a5960560f5ab6caed68242a48af3b05cd0fb4c139b
tomcat5-jasper-5.5.23-0jpp.31.el5_8.x86_64.rpm
File outdated by:  RHSA-2013:0870
    MD5: 04fbb5ddb6bf472915819f162027cabc
SHA-256: 3fe7276e9d34a6dcf5f05524c25123c2cdfa1887060ef78944115db9b4f5d318
tomcat5-jasper-javadoc-5.5.23-0jpp.31.el5_8.x86_64.rpm
File outdated by:  RHSA-2013:0870
    MD5: 773bf0cec07c85b5049280e9a62f2c88
SHA-256: cee52d8959cffcc785ed4a3709c263fbecf985e123730e1a6e51e0413da66ed2
tomcat5-jsp-2.0-api-javadoc-5.5.23-0jpp.31.el5_8.x86_64.rpm
File outdated by:  RHSA-2013:0870
    MD5: 586ef10e1afb3cf92d16edad41e60adf
SHA-256: e66f9096a162e491df4ce7baa45b1fd81fa54496070a3577ced289962f2d9d56
tomcat5-server-lib-5.5.23-0jpp.31.el5_8.x86_64.rpm
File outdated by:  RHSA-2013:0870
    MD5: 30892ffcb265088e0ff32db0a1ddf87f
SHA-256: c9211e61104d2c4041686256bff320bef9f093eed7aed461c801d4ae68e31a6b
tomcat5-servlet-2.4-api-javadoc-5.5.23-0jpp.31.el5_8.x86_64.rpm
File outdated by:  RHSA-2013:0870
    MD5: 90f28d14ae4cd988570ca8a23c393946
SHA-256: 011b19f93e14359b1b5b20b42217578922f9b9f4258e3972e2d6852728605a0e
tomcat5-webapps-5.5.23-0jpp.31.el5_8.x86_64.rpm
File outdated by:  RHSA-2013:0870
    MD5: fb98144c264e1f04dd50d6f82ae1d123
SHA-256: 10f5f50ccb8411d00d040b40b166e3c595edf71e6de7447a4ce489e2c07d677a
 
Red Hat Enterprise Linux (v. 5 server)

SRPMS:
tomcat5-5.5.23-0jpp.31.el5_8.src.rpm
File outdated by:  RHSA-2013:0870
    MD5: 176ddc8e8079f2cb4e562bf702521e8c
SHA-256: 86a2680d24dbfc63ab3db3f5d0c9941bf2cad974b9356277a331b73406ffc911
 
IA-32:
tomcat5-5.5.23-0jpp.31.el5_8.i386.rpm
File outdated by:  RHSA-2013:0870
    MD5: 1c55b69cc725aaee68f79f8eb82c0e90
SHA-256: 670d2d548db981ec8fda47d65a626f8b4cae74be137f5ae394ae963abfc02dca
tomcat5-admin-webapps-5.5.23-0jpp.31.el5_8.i386.rpm
File outdated by:  RHSA-2013:0870
    MD5: 2426ab15803a7d9f3ac755f77405f851
SHA-256: 15a0870db53b29d856a20a3816efecd1ab085dd0ffd1e1aa9605cf52a80f4f22
tomcat5-common-lib-5.5.23-0jpp.31.el5_8.i386.rpm
File outdated by:  RHSA-2013:0870
    MD5: 53818818652b0e7392cb9cccf3569f93
SHA-256: 0ec43df7c3efb7c9c60aea0f6f415d5fcc221225a9cc5ff38a65c64f2706c918
tomcat5-jasper-5.5.23-0jpp.31.el5_8.i386.rpm
File outdated by:  RHSA-2013:0870
    MD5: 03f1a06905fcd4024231eff685fd016d
SHA-256: 2af1d897e8e2f6fa8eab07b15f48a87851895f41c82ad9acb14abd11b2ef310a
tomcat5-jasper-javadoc-5.5.23-0jpp.31.el5_8.i386.rpm
File outdated by:  RHSA-2013:0870
    MD5: 89c49ad0d73ab3acb30f31d7469c7121
SHA-256: 3c326acef3b898ba9dee5e81477718cbf86dd052caa670e8a8d818cde92c9dff
tomcat5-jsp-2.0-api-5.5.23-0jpp.31.el5_8.i386.rpm
File outdated by:  RHSA-2013:0870
    MD5: 84526f122c3f2af586448d6a17e1c33d
SHA-256: ac3a0df9de1ca4afdcf4303c46451558c07b9d0b255d0fc31a2d1d4a32c69171
tomcat5-jsp-2.0-api-javadoc-5.5.23-0jpp.31.el5_8.i386.rpm
File outdated by:  RHSA-2013:0870
    MD5: 25fa2d3e3ebcfd0080efcda0d3af69ac
SHA-256: 5dd010b028e10b720f602571c30f45512472c143425b416eaf12626eac5de9c6
tomcat5-server-lib-5.5.23-0jpp.31.el5_8.i386.rpm
File outdated by:  RHSA-2013:0870
    MD5: 8f34b868dc2dfb572512a3d6f12031ff
SHA-256: 240d258dcb2f72ca533e82f416bac674f60ef500ba329338dd89f087e0a56dc7
tomcat5-servlet-2.4-api-5.5.23-0jpp.31.el5_8.i386.rpm
File outdated by:  RHSA-2013:0870
    MD5: 5b1034627cc59e7e1bcf4cd160ee256c
SHA-256: ed6fa70fe78d0379060dcb52db33f30d45d583c82ce5923d505e0979ec51680d
tomcat5-servlet-2.4-api-javadoc-5.5.23-0jpp.31.el5_8.i386.rpm
File outdated by:  RHSA-2013:0870
    MD5: 9599dce9fe4d39add6835fed99d9de78
SHA-256: 83a291a9c72a400b8dd16cf90f14f9322dca531675dd457f5e90556e93ad417b
tomcat5-webapps-5.5.23-0jpp.31.el5_8.i386.rpm
File outdated by:  RHSA-2013:0870
    MD5: 2e75f7b1f739e8ab3ae7288ee57a06c5
SHA-256: ccba45766fe82637c05c4cf28260103c3d4515c861bb20229f89f96671f8c56e
 
IA-64:
tomcat5-5.5.23-0jpp.31.el5_8.ia64.rpm
File outdated by:  RHSA-2013:0870
    MD5: 2ac30ce1a2e5323ccfabfa333611f6fe
SHA-256: 638d8e6b99768068eb40339c33bdcf22bd47d78e519756bbb73ded1ed6cfde09
tomcat5-admin-webapps-5.5.23-0jpp.31.el5_8.ia64.rpm
File outdated by:  RHSA-2013:0870
    MD5: 40dc62cd532052e3ec2d6f51f7dc0111
SHA-256: b42a1fedd0df19a5dca5b7627c67f4361ab8d35d86d6790cc2a872630f1f5be4
tomcat5-common-lib-5.5.23-0jpp.31.el5_8.ia64.rpm
File outdated by:  RHSA-2013:0870
    MD5: b8b8764db95dab35f0e0ea2895fafb96
SHA-256: 608e928468f3d7f5dd5c7918bd7ce5903fe5887492b2c9dfedb273668e590ed6
tomcat5-jasper-5.5.23-0jpp.31.el5_8.ia64.rpm
File outdated by:  RHSA-2013:0870
    MD5: b5e782cf771b4db2a941bcd6700f9ddf
SHA-256: 4a81c3ac052190d5ae983dea46bca45d0df646f0b8631034ea4bc752ca883980
tomcat5-jasper-javadoc-5.5.23-0jpp.31.el5_8.ia64.rpm
File outdated by:  RHSA-2013:0870
    MD5: 40ff41eede7569678d72a906ff84b7e5
SHA-256: e8641f46d1efdd21466078f5cf7cb2f7e9c65caaf83f67ab76872525cd372ad7
tomcat5-jsp-2.0-api-5.5.23-0jpp.31.el5_8.ia64.rpm
File outdated by:  RHSA-2013:0870
    MD5: d1d61e44d927abf0adfcc773a21d70b7
SHA-256: b3a51e72847fc72a519c53627cdf7eba5c5839a72c1feab1aa9fda666d219f96
tomcat5-jsp-2.0-api-javadoc-5.5.23-0jpp.31.el5_8.ia64.rpm
File outdated by:  RHSA-2013:0870
    MD5: 28912f52cd7785796b648ec6a6af0adb
SHA-256: 649d2fb54d691568f4c7afbcda2feda98a1df9e47c786d21549717564018e613
tomcat5-server-lib-5.5.23-0jpp.31.el5_8.ia64.rpm
File outdated by:  RHSA-2013:0870
    MD5: 50261d46c6845e990ab01d48314c8535
SHA-256: bb8b3732d95b70a7f5556c1df2cf2f19bc953052f61c48f2c8813a00c5ec6eeb
tomcat5-servlet-2.4-api-5.5.23-0jpp.31.el5_8.ia64.rpm
File outdated by:  RHSA-2013:0870
    MD5: 883ab88258da10bb5805165f7387e862
SHA-256: a55eae2b7d5e6dbf6545c5b983e669496b3f32559f7fb1f94eb8a82fdb473042
tomcat5-servlet-2.4-api-javadoc-5.5.23-0jpp.31.el5_8.ia64.rpm
File outdated by:  RHSA-2013:0870
    MD5: ed44c25a8bf3283c917c80233f45b172
SHA-256: 84d6b48d19a8672581ab0c3732d0ab91a992d93d0024a6b8f10c17d45cbe2e04
tomcat5-webapps-5.5.23-0jpp.31.el5_8.ia64.rpm
File outdated by:  RHSA-2013:0870
    MD5: 18973b05285b5671f461808d8badaa6e
SHA-256: b633520756996a282a03f209439fbda279897aed1cb31835ad5b20bbf535cf00
 
PPC:
tomcat5-5.5.23-0jpp.31.el5_8.ppc.rpm
File outdated by:  RHSA-2013:0870
    MD5: 6866d8922e8fc81bce8e232bf43a64b9
SHA-256: 1b58d57cf5598f103d2d75f17aeab92bbd7521d076c48b1c2d39d13a7279188e
tomcat5-5.5.23-0jpp.31.el5_8.ppc64.rpm
File outdated by:  RHSA-2013:0870
    MD5: 9ac0225bee4382a755189942a0a89ca9
SHA-256: 4a2a3c3430f18fa1d8cd912299b76b68a1211a0886813ce2985b6405d1355c3a
tomcat5-admin-webapps-5.5.23-0jpp.31.el5_8.ppc.rpm
File outdated by:  RHSA-2013:0870
    MD5: a8ef3bef53cbf008d29c3e21242a9de4
SHA-256: 04466ba1296c5b4d58f31c207c23b1eb501ab7e83ad09d7997f0a4e3dfd95ecf
tomcat5-common-lib-5.5.23-0jpp.31.el5_8.ppc.rpm
File outdated by:  RHSA-2013:0870
    MD5: 6bf59d4370adb1da42dc2386895bb9db
SHA-256: dcabb37eb69c971a666b9ef16fa5dacb99732fd46378f797a42d99c6361d6402
tomcat5-jasper-5.5.23-0jpp.31.el5_8.ppc.rpm
File outdated by:  RHSA-2013:0870
    MD5: 75b7123538cfd08a879048ff4c754318
SHA-256: d5b596045c834f6848bef540ebb83a14a8449514d14d7d50d70d900fce05e892
tomcat5-jasper-javadoc-5.5.23-0jpp.31.el5_8.ppc.rpm
File outdated by:  RHSA-2013:0870
    MD5: 04401391796d8f76707b5999f53ad8e9
SHA-256: b966d4a64854703c76a2067020cd33fe0b9f8e5d627037ce3696abd1e2a3aeaf
tomcat5-jsp-2.0-api-5.5.23-0jpp.31.el5_8.ppc.rpm
File outdated by:  RHSA-2013:0870
    MD5: f94de75d11e07997daa49ecb33e3c3f7
SHA-256: 91f984cd12fb2d4766ddf34c28fee818b0a53f7b10e08044f4296a045b1bc251
tomcat5-jsp-2.0-api-javadoc-5.5.23-0jpp.31.el5_8.ppc.rpm
File outdated by:  RHSA-2013:0870
    MD5: f6b9ddf411bef72542624c151e9bf199
SHA-256: 1d4d8c01a779375bd0872aa2a212337af73cdd4019902a27f5bcb92805b14118
tomcat5-server-lib-5.5.23-0jpp.31.el5_8.ppc.rpm
File outdated by:  RHSA-2013:0870
    MD5: db257a9143c1dd218c4ff764911aa3ab
SHA-256: 991d554844ca56e50caee22461973bc130c518fdf3684ab269a373bb6926dbc3
tomcat5-servlet-2.4-api-5.5.23-0jpp.31.el5_8.ppc.rpm
File outdated by:  RHSA-2013:0870
    MD5: 83fc2a0f92112eb63dd4f7de333dc500
SHA-256: 987b0857e70450f6e86117bcba38a5f7b0bc9044f621b0ca4164dfded8a3afa5
tomcat5-servlet-2.4-api-javadoc-5.5.23-0jpp.31.el5_8.ppc.rpm
File outdated by:  RHSA-2013:0870
    MD5: 534a000134fe4b607278b5c286c2528e
SHA-256: 4061cbe696d78aaa7e1287bfe15fca3d81d0824a49fbd8a00775446b2bf06865
tomcat5-webapps-5.5.23-0jpp.31.el5_8.ppc.rpm
File outdated by:  RHSA-2013:0870
    MD5: 2b2de28b52db9e87246640f7775a56da
SHA-256: ef146dfa5636c0b2e275c61c2b0e09c8018616d87d0d3d50482f5cffdd10fd65
 
s390x:
tomcat5-5.5.23-0jpp.31.el5_8.s390x.rpm
File outdated by:  RHSA-2013:0870
    MD5: 75bfce8a5d9a8e9e576b3b48bc293988
SHA-256: 4599ca48e264ab0727f78f9585738808dffa8d42c8acda4d6e184ceb346d2428
tomcat5-admin-webapps-5.5.23-0jpp.31.el5_8.s390x.rpm
File outdated by:  RHSA-2013:0870
    MD5: 32e9feb97fe1bb9b0aa0cd17cf1b27d7
SHA-256: edc3ea395602f4856a17330ee05307ab51bafd5cef838449baedb6de0ac2e569
tomcat5-common-lib-5.5.23-0jpp.31.el5_8.s390x.rpm
File outdated by:  RHSA-2013:0870
    MD5: 295bc3cd8363bcbac5c4614166b095d6
SHA-256: b7bc6397e59ccea6a07ebed5d7d49b2f48519e8408c729550580130f6f9543bc
tomcat5-jasper-5.5.23-0jpp.31.el5_8.s390x.rpm
File outdated by:  RHSA-2013:0870
    MD5: 0ea8af067382a4967c241f78ecf13ff0
SHA-256: 4685230334cae84d8a12fa0ead7674f1e74ca58e4437dc717ec8f3b606f8dbd9
tomcat5-jasper-javadoc-5.5.23-0jpp.31.el5_8.s390x.rpm
File outdated by:  RHSA-2013:0870
    MD5: 393ae6f692bb8cc566f749148af9d00b
SHA-256: 11b484413f260da65f1394e92cbe162f0120a62a8b3826ef75284669638372cd
tomcat5-jsp-2.0-api-5.5.23-0jpp.31.el5_8.s390x.rpm
File outdated by:  RHSA-2013:0870
    MD5: e5347c6f31b69dbc4c83e5560e4e63c8
SHA-256: 84f5ce4babac7bfefc0588dfe72dbe362f95dee020dc81d93fb900b5356932b4
tomcat5-jsp-2.0-api-javadoc-5.5.23-0jpp.31.el5_8.s390x.rpm
File outdated by:  RHSA-2013:0870
    MD5: 600766894de25eb829f9a479af4814a2
SHA-256: 17add76be82c7afced47bb9ca2ed2d99e65f07d14f929128d57559f15010f8fb
tomcat5-server-lib-5.5.23-0jpp.31.el5_8.s390x.rpm
File outdated by:  RHSA-2013:0870
    MD5: fc440a2a06b3fdfa7a54c6cba9270bf7
SHA-256: 27801f29e760e08e604f6d1d792d3ea04d8b37089055538509d63bcc9895088a
tomcat5-servlet-2.4-api-5.5.23-0jpp.31.el5_8.s390x.rpm
File outdated by:  RHSA-2013:0870
    MD5: d24ac92b034527fae672e8253d3808ae
SHA-256: e4ef6cff14e0c75570fe1593bbc2dc2a24e4113cbab8ee812641ae97b37fe875
tomcat5-servlet-2.4-api-javadoc-5.5.23-0jpp.31.el5_8.s390x.rpm
File outdated by:  RHSA-2013:0870
    MD5: 875daf339220fbee44c34ff3177f77ae
SHA-256: b778368cbf70804e9cf63bfe64ce1491239d554703c708c87aa7a6b09ff85bc0
tomcat5-webapps-5.5.23-0jpp.31.el5_8.s390x.rpm
File outdated by:  RHSA-2013:0870
    MD5: 5da1e17474c9806a956a3259892d10dd
SHA-256: 78da68d85b370a01551ca86850b29c6d424e5087bb47fd76a8de6dd0f329feb8
 
x86_64:
tomcat5-5.5.23-0jpp.31.el5_8.x86_64.rpm
File outdated by:  RHSA-2013:0870
    MD5: 26c9f393cb98e0f7b6b0496e3ef1eaa5
SHA-256: 4ac58660d9c21608e71dc88d4c06489b7b5ce5060bd6ef4e57847995c0a7966b
tomcat5-admin-webapps-5.5.23-0jpp.31.el5_8.x86_64.rpm
File outdated by:  RHSA-2013:0870
    MD5: ffe31890075da21e6ff0a3d84627c2f7
SHA-256: 045731b612de60ae7479a4bb576292b71add3f3bd269c98e09a28c2ddffa1522
tomcat5-common-lib-5.5.23-0jpp.31.el5_8.x86_64.rpm
File outdated by:  RHSA-2013:0870
    MD5: e4fd362fd8645b82059ad776c325a343
SHA-256: dc427e7789ee5e0cefaa10a5960560f5ab6caed68242a48af3b05cd0fb4c139b
tomcat5-jasper-5.5.23-0jpp.31.el5_8.x86_64.rpm
File outdated by:  RHSA-2013:0870
    MD5: 04fbb5ddb6bf472915819f162027cabc
SHA-256: 3fe7276e9d34a6dcf5f05524c25123c2cdfa1887060ef78944115db9b4f5d318
tomcat5-jasper-javadoc-5.5.23-0jpp.31.el5_8.x86_64.rpm
File outdated by:  RHSA-2013:0870
    MD5: 773bf0cec07c85b5049280e9a62f2c88
SHA-256: cee52d8959cffcc785ed4a3709c263fbecf985e123730e1a6e51e0413da66ed2
tomcat5-jsp-2.0-api-5.5.23-0jpp.31.el5_8.x86_64.rpm
File outdated by:  RHSA-2013:0870
    MD5: 7100686a850f9ac60b6e0ae2b229df4a
SHA-256: f001b90586705d5b61b17a6ebbb41d2a80f5dba54eddd840fb6e38e0b4f429eb
tomcat5-jsp-2.0-api-javadoc-5.5.23-0jpp.31.el5_8.x86_64.rpm
File outdated by:  RHSA-2013:0870
    MD5: 586ef10e1afb3cf92d16edad41e60adf
SHA-256: e66f9096a162e491df4ce7baa45b1fd81fa54496070a3577ced289962f2d9d56
tomcat5-server-lib-5.5.23-0jpp.31.el5_8.x86_64.rpm
File outdated by:  RHSA-2013:0870
    MD5: 30892ffcb265088e0ff32db0a1ddf87f
SHA-256: c9211e61104d2c4041686256bff320bef9f093eed7aed461c801d4ae68e31a6b
tomcat5-servlet-2.4-api-5.5.23-0jpp.31.el5_8.x86_64.rpm
File outdated by:  RHSA-2013:0870
    MD5: 8a47da86ca3d48465c3e2323c921a96e
SHA-256: 9d3004e4b7560e743e2976f146e47100eb237802a3ab6b4f15a0c41be5cc0fe9
tomcat5-servlet-2.4-api-javadoc-5.5.23-0jpp.31.el5_8.x86_64.rpm
File outdated by:  RHSA-2013:0870
    MD5: 90f28d14ae4cd988570ca8a23c393946
SHA-256: 011b19f93e14359b1b5b20b42217578922f9b9f4258e3972e2d6852728605a0e
tomcat5-webapps-5.5.23-0jpp.31.el5_8.x86_64.rpm
File outdated by:  RHSA-2013:0870
    MD5: fb98144c264e1f04dd50d6f82ae1d123
SHA-256: 10f5f50ccb8411d00d040b40b166e3c595edf71e6de7447a4ce489e2c07d677a
 
Red Hat Enterprise Linux Desktop (v. 5 client)

SRPMS:
tomcat5-5.5.23-0jpp.31.el5_8.src.rpm
File outdated by:  RHSA-2013:0870
    MD5: 176ddc8e8079f2cb4e562bf702521e8c
SHA-256: 86a2680d24dbfc63ab3db3f5d0c9941bf2cad974b9356277a331b73406ffc911
 
IA-32:
tomcat5-jsp-2.0-api-5.5.23-0jpp.31.el5_8.i386.rpm
File outdated by:  RHSA-2013:0870
    MD5: 84526f122c3f2af586448d6a17e1c33d
SHA-256: ac3a0df9de1ca4afdcf4303c46451558c07b9d0b255d0fc31a2d1d4a32c69171
tomcat5-servlet-2.4-api-5.5.23-0jpp.31.el5_8.i386.rpm
File outdated by:  RHSA-2013:0870
    MD5: 5b1034627cc59e7e1bcf4cd160ee256c
SHA-256: ed6fa70fe78d0379060dcb52db33f30d45d583c82ce5923d505e0979ec51680d
 
x86_64:
tomcat5-jsp-2.0-api-5.5.23-0jpp.31.el5_8.x86_64.rpm
File outdated by:  RHSA-2013:0870
    MD5: 7100686a850f9ac60b6e0ae2b229df4a
SHA-256: f001b90586705d5b61b17a6ebbb41d2a80f5dba54eddd840fb6e38e0b4f429eb
tomcat5-servlet-2.4-api-5.5.23-0jpp.31.el5_8.x86_64.rpm
File outdated by:  RHSA-2013:0870
    MD5: 8a47da86ca3d48465c3e2323c921a96e
SHA-256: 9d3004e4b7560e743e2976f146e47100eb237802a3ab6b4f15a0c41be5cc0fe9
 
(The unlinked packages above are only available from the Red Hat Network)

Bugs fixed (see bugzilla for more information)

750521 - CVE-2011-4858 tomcat: hash table collisions CPU usage DoS (oCERT-2011-003)
783359 - CVE-2012-0022 tomcat: large number of parameters DoS


References



These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from:
https://www.redhat.com/security/team/key/#package

The Red Hat security contact is secalert@redhat.com. More contact details at http://www.redhat.com/security/team/contact/