Security Advisory Important: tomcat5 and tomcat6 security update

Advisory: RHSA-2013:0872-1
Type: Security Advisory
Severity: Important
Issued on: 2013-05-28
Last updated on: 2013-05-28
Affected Products: JBoss Enterprise Web Server v1 EL5
JBoss Enterprise Web Server v1 EL6
CVEs (cve.mitre.org): CVE-2013-1976

Details

Updated tomcat5 and tomcat6 packages that fix one security issue are now
available for JBoss Enterprise Web Server 1.0.2 for Red Hat Enterprise
Linux 5 and 6.

The Red Hat Security Response Team has rated this update as having
important security impact. A Common Vulnerability Scoring System (CVSS)
base score, which gives a detailed severity rating, is available from the
CVE link in the References section.

Apache Tomcat is a servlet container for the Java Servlet and JavaServer
Pages (JSP) technologies.

A flaw was found in the way the tomcat5 and tomcat6 init scripts handled
the tomcat5-initd.log and tomcat6-initd.log log files. A malicious web
application deployed on Tomcat could use this flaw to perform a symbolic
link attack to change the ownership of an arbitrary system file to that of
the tomcat user, allowing them to escalate their privileges to root.
(CVE-2013-1976)

Note: With this update, tomcat5-initd.log and tomcat6-initd.log have been
moved to the /var/log/ directory.

Red Hat would like to thank Simon Fayer of Imperial College London for
reporting this issue.

Warning: Before applying the update, back up your existing JBoss Enterprise
Web Server installation (including all applications and configuration
files).

Users of Tomcat should upgrade to these updated packages, which resolve
this issue. Tomcat must be restarted for this update to take effect.


Solution

Before applying this update, make sure all previously-released errata
relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to
use the Red Hat Network to apply this update are available at
https://access.redhat.com/knowledge/articles/11258

Updated packages

JBoss Enterprise Web Server v1 EL5

SRPMS:
tomcat5-5.5.33-33_patch_09.ep5.el5.src.rpm     MD5: 3722776a3bef8b37f10ac5dd7b4350ac
SHA-256: 569f3ccdf965f761f5a7b38c51d68a46bcba4c5b1dcffcc439a095636f641057
tomcat6-6.0.32-32_patch_09.ep5.el5.src.rpm     MD5: 90e0644ac8564cd3f56f79705016f58b
SHA-256: b62c8a6adba7abc36c32e5bbde7305031cd5b4a7a87cc1383584b57983eb7fa4
 
IA-32:
tomcat5-5.5.33-33_patch_09.ep5.el5.noarch.rpm     MD5: a918a6d5297dff44a6b423dd17e6c507
SHA-256: 99db5bc3cf2ba9a1b4b16269d290ac5a699e0703e124779a52e87b5c1be74456
tomcat5-admin-webapps-5.5.33-33_patch_09.ep5.el5.noarch.rpm     MD5: 1799e70c953968e3fca35c0c912de6ca
SHA-256: 12dc080fcd1f359825009feb022027b00a4fe87d4859bd074c0a81b2db6052fc
tomcat5-common-lib-5.5.33-33_patch_09.ep5.el5.noarch.rpm     MD5: 170b8684532dc842bcb4fd8fe0559551
SHA-256: efdca680f4d6285cb8fd47b34526a0862a0fe5318ee2aea8587f9df6e4ec5fe4
tomcat5-jasper-5.5.33-33_patch_09.ep5.el5.noarch.rpm     MD5: 4c9f3ca756fa694a7aabc540a2bde934
SHA-256: 09328afb0f24a6c8dd2c4023a88a425ee0ee2e0f90e21f1ceaf0032c8a617e3a
tomcat5-jasper-eclipse-5.5.33-33_patch_09.ep5.el5.noarch.rpm     MD5: 3296bfe237a5c56a8aeb339cfb89e34d
SHA-256: 56fa866eee0dcd32436fefcd1df29986d2aa619767408bbb4499f74765983506
tomcat5-jasper-javadoc-5.5.33-33_patch_09.ep5.el5.noarch.rpm     MD5: 60dbdb49b5e2fed22d24d0555be432eb
SHA-256: 6a6ae61f50708e8563e1fe732637cd6098e276f45d84af7b8fb0829aae8b5d87
tomcat5-jsp-2.0-api-5.5.33-33_patch_09.ep5.el5.noarch.rpm     MD5: 1a5067df4535c163e0d5b93f14047355
SHA-256: 1a2ed3f9677bf3f0c3814c19d758d5d4f55fe3495f4eef20d85b47478bbf194a
tomcat5-jsp-2.0-api-javadoc-5.5.33-33_patch_09.ep5.el5.noarch.rpm     MD5: 9661898ae9c4a718b73be30b0a9f0782
SHA-256: e029442a4d1c09933590d565c79262d3b1235c33e9d9bbcd5f19de6fa156ea94
tomcat5-parent-5.5.33-33_patch_09.ep5.el5.noarch.rpm     MD5: 1fd406b2606782ae6b592e712acda428
SHA-256: 531a87715df735bc92a0ff412bda7083a3b6794acdaa2e8640fe39f57d2acdf2
tomcat5-server-lib-5.5.33-33_patch_09.ep5.el5.noarch.rpm     MD5: 9c23cb15a60e0e537abf92fdaf6985b2
SHA-256: c04e0536e3ab8659408c9074f9f3c0a8678e7f5d644b227a1ff785d868aa4933
tomcat5-servlet-2.4-api-5.5.33-33_patch_09.ep5.el5.noarch.rpm     MD5: 92d09bec2c9944011d0596f3b9983824
SHA-256: 98eb46797d822a6db1f3acb81203c9dda10e53627bf86b9becaf46602aca6dcf
tomcat5-servlet-2.4-api-javadoc-5.5.33-33_patch_09.ep5.el5.noarch.rpm     MD5: 59dd2911d64c59bdcf79123a0e952984
SHA-256: 970a0986b7d5b39945950cd060a6181d90c9550518f26cc1856ce2551cd8e182
tomcat5-webapps-5.5.33-33_patch_09.ep5.el5.noarch.rpm     MD5: 9a1b8d0cd6d96a9840a06cbac5594cba
SHA-256: e42e2833cc5af14e8bf1236748a7cad55c28fde66d207e3316301c315bfc88c2
tomcat6-6.0.32-32_patch_09.ep5.el5.noarch.rpm     MD5: 772b3a8e2f12a062b86a8cf2de438ffe
SHA-256: ae1afd12e24944dfe04730bd3631e8cb21e4f8613f04fbdd71196bb192892f58
tomcat6-admin-webapps-6.0.32-32_patch_09.ep5.el5.noarch.rpm     MD5: 05daeaf19683dca1304d13893fd68ed9
SHA-256: 0c72503b061f62df027569e204dcd22db814c023a27c31c32f785a41c5c0e0a2
tomcat6-docs-webapp-6.0.32-32_patch_09.ep5.el5.noarch.rpm     MD5: f47761e3f05b91a793f10fbbcdb4ed2f
SHA-256: d36b37fa2752dba4ab9a4fb7fcdb0b2cc5b941f71dfa30474700f4802b58698e
tomcat6-el-1.0-api-6.0.32-32_patch_09.ep5.el5.noarch.rpm     MD5: 5a602fb069cab5f0f2173868a1377693
SHA-256: 69652e256c4e9974f75eda8e3cb4aec44a7ad00783775dc3efbdfe0d7593db23
tomcat6-javadoc-6.0.32-32_patch_09.ep5.el5.noarch.rpm     MD5: 47df01e3f04f732928c63bc8c8a68600
SHA-256: 335e5bda4c94671cf5c5ea966fe9fa2ce37f1d37709f7eb4b160589b70f53bcf
tomcat6-jsp-2.1-api-6.0.32-32_patch_09.ep5.el5.noarch.rpm     MD5: d4df06f3507c3da4bb752d54f46af8ce
SHA-256: 066cb504d8f1a9f2071106d466bab59e674ef065e007501a1d6810097c916cbd
tomcat6-lib-6.0.32-32_patch_09.ep5.el5.noarch.rpm     MD5: 67c8a828f4ebaebadfb54d2e7ed7420e
SHA-256: 6e0cc408879ab8ce2c05c944082fb0cd20d9ed7f5c6ada4aea0b0fa63f1db26d
tomcat6-log4j-6.0.32-32_patch_09.ep5.el5.noarch.rpm     MD5: ad76e2aa6fdb1526259f1036eb676b87
SHA-256: eae07dad1cfd682fedb90ce5ff618eccc6abcf805ff4147e9a794c2033696a72
tomcat6-servlet-2.5-api-6.0.32-32_patch_09.ep5.el5.noarch.rpm     MD5: c5eda7c00cf9a02bb5b1ccee6d214688
SHA-256: 25ae89c1c8e33a21b8e76857c975688ab334781329dc1f27ab2e8ad61f5394d0
tomcat6-webapps-6.0.32-32_patch_09.ep5.el5.noarch.rpm     MD5: 9844efa96c3bd7b711fb679241d503de
SHA-256: 0ead3f04e8d237b5b621fdf7377625675f533c4340bf59e38034b2bca53abd1b
 
x86_64:
tomcat5-5.5.33-33_patch_09.ep5.el5.noarch.rpm     MD5: a918a6d5297dff44a6b423dd17e6c507
SHA-256: 99db5bc3cf2ba9a1b4b16269d290ac5a699e0703e124779a52e87b5c1be74456
tomcat5-admin-webapps-5.5.33-33_patch_09.ep5.el5.noarch.rpm     MD5: 1799e70c953968e3fca35c0c912de6ca
SHA-256: 12dc080fcd1f359825009feb022027b00a4fe87d4859bd074c0a81b2db6052fc
tomcat5-common-lib-5.5.33-33_patch_09.ep5.el5.noarch.rpm     MD5: 170b8684532dc842bcb4fd8fe0559551
SHA-256: efdca680f4d6285cb8fd47b34526a0862a0fe5318ee2aea8587f9df6e4ec5fe4
tomcat5-jasper-5.5.33-33_patch_09.ep5.el5.noarch.rpm     MD5: 4c9f3ca756fa694a7aabc540a2bde934
SHA-256: 09328afb0f24a6c8dd2c4023a88a425ee0ee2e0f90e21f1ceaf0032c8a617e3a
tomcat5-jasper-eclipse-5.5.33-33_patch_09.ep5.el5.noarch.rpm     MD5: 3296bfe237a5c56a8aeb339cfb89e34d
SHA-256: 56fa866eee0dcd32436fefcd1df29986d2aa619767408bbb4499f74765983506
tomcat5-jasper-javadoc-5.5.33-33_patch_09.ep5.el5.noarch.rpm     MD5: 60dbdb49b5e2fed22d24d0555be432eb
SHA-256: 6a6ae61f50708e8563e1fe732637cd6098e276f45d84af7b8fb0829aae8b5d87
tomcat5-jsp-2.0-api-5.5.33-33_patch_09.ep5.el5.noarch.rpm     MD5: 1a5067df4535c163e0d5b93f14047355
SHA-256: 1a2ed3f9677bf3f0c3814c19d758d5d4f55fe3495f4eef20d85b47478bbf194a
tomcat5-jsp-2.0-api-javadoc-5.5.33-33_patch_09.ep5.el5.noarch.rpm     MD5: 9661898ae9c4a718b73be30b0a9f0782
SHA-256: e029442a4d1c09933590d565c79262d3b1235c33e9d9bbcd5f19de6fa156ea94
tomcat5-parent-5.5.33-33_patch_09.ep5.el5.noarch.rpm     MD5: 1fd406b2606782ae6b592e712acda428
SHA-256: 531a87715df735bc92a0ff412bda7083a3b6794acdaa2e8640fe39f57d2acdf2
tomcat5-server-lib-5.5.33-33_patch_09.ep5.el5.noarch.rpm     MD5: 9c23cb15a60e0e537abf92fdaf6985b2
SHA-256: c04e0536e3ab8659408c9074f9f3c0a8678e7f5d644b227a1ff785d868aa4933
tomcat5-servlet-2.4-api-5.5.33-33_patch_09.ep5.el5.noarch.rpm     MD5: 92d09bec2c9944011d0596f3b9983824
SHA-256: 98eb46797d822a6db1f3acb81203c9dda10e53627bf86b9becaf46602aca6dcf
tomcat5-servlet-2.4-api-javadoc-5.5.33-33_patch_09.ep5.el5.noarch.rpm     MD5: 59dd2911d64c59bdcf79123a0e952984
SHA-256: 970a0986b7d5b39945950cd060a6181d90c9550518f26cc1856ce2551cd8e182
tomcat5-webapps-5.5.33-33_patch_09.ep5.el5.noarch.rpm     MD5: 9a1b8d0cd6d96a9840a06cbac5594cba
SHA-256: e42e2833cc5af14e8bf1236748a7cad55c28fde66d207e3316301c315bfc88c2
tomcat6-6.0.32-32_patch_09.ep5.el5.noarch.rpm     MD5: 772b3a8e2f12a062b86a8cf2de438ffe
SHA-256: ae1afd12e24944dfe04730bd3631e8cb21e4f8613f04fbdd71196bb192892f58
tomcat6-admin-webapps-6.0.32-32_patch_09.ep5.el5.noarch.rpm     MD5: 05daeaf19683dca1304d13893fd68ed9
SHA-256: 0c72503b061f62df027569e204dcd22db814c023a27c31c32f785a41c5c0e0a2
tomcat6-docs-webapp-6.0.32-32_patch_09.ep5.el5.noarch.rpm     MD5: f47761e3f05b91a793f10fbbcdb4ed2f
SHA-256: d36b37fa2752dba4ab9a4fb7fcdb0b2cc5b941f71dfa30474700f4802b58698e
tomcat6-el-1.0-api-6.0.32-32_patch_09.ep5.el5.noarch.rpm     MD5: 5a602fb069cab5f0f2173868a1377693
SHA-256: 69652e256c4e9974f75eda8e3cb4aec44a7ad00783775dc3efbdfe0d7593db23
tomcat6-javadoc-6.0.32-32_patch_09.ep5.el5.noarch.rpm     MD5: 47df01e3f04f732928c63bc8c8a68600
SHA-256: 335e5bda4c94671cf5c5ea966fe9fa2ce37f1d37709f7eb4b160589b70f53bcf
tomcat6-jsp-2.1-api-6.0.32-32_patch_09.ep5.el5.noarch.rpm     MD5: d4df06f3507c3da4bb752d54f46af8ce
SHA-256: 066cb504d8f1a9f2071106d466bab59e674ef065e007501a1d6810097c916cbd
tomcat6-lib-6.0.32-32_patch_09.ep5.el5.noarch.rpm     MD5: 67c8a828f4ebaebadfb54d2e7ed7420e
SHA-256: 6e0cc408879ab8ce2c05c944082fb0cd20d9ed7f5c6ada4aea0b0fa63f1db26d
tomcat6-log4j-6.0.32-32_patch_09.ep5.el5.noarch.rpm     MD5: ad76e2aa6fdb1526259f1036eb676b87
SHA-256: eae07dad1cfd682fedb90ce5ff618eccc6abcf805ff4147e9a794c2033696a72
tomcat6-servlet-2.5-api-6.0.32-32_patch_09.ep5.el5.noarch.rpm     MD5: c5eda7c00cf9a02bb5b1ccee6d214688
SHA-256: 25ae89c1c8e33a21b8e76857c975688ab334781329dc1f27ab2e8ad61f5394d0
tomcat6-webapps-6.0.32-32_patch_09.ep5.el5.noarch.rpm     MD5: 9844efa96c3bd7b711fb679241d503de
SHA-256: 0ead3f04e8d237b5b621fdf7377625675f533c4340bf59e38034b2bca53abd1b
 
JBoss Enterprise Web Server v1 EL6

SRPMS:
tomcat5-5.5.33-36_patch_09.ep5.el6.src.rpm     MD5: aaea191fd4ba63e738e24fca245560be
SHA-256: 3b4c07dbe609e386971ee955e10f49c8330cc6f3aa1cfdff5423a6a624604703
tomcat6-6.0.32-35_patch_09.ep5.el6.src.rpm     MD5: e0e446b0df5f092c05955ad6174849d1
SHA-256: 67fde4ef0e2a9bef7e6c089019671eaf2c872b450a0527a8b38607e5bb689813
 
IA-32:
tomcat5-5.5.33-36_patch_09.ep5.el6.noarch.rpm     MD5: 02da29fc3e9f21516d1907dda6f88c16
SHA-256: a7c6798d5188b16f291da4d9fdea10923fba9fba50abae029f96bf3c98288cc1
tomcat5-admin-webapps-5.5.33-36_patch_09.ep5.el6.noarch.rpm     MD5: 53482e53dd04a554b5f86de54dbddb2e
SHA-256: 7c94b805df583dd6c6713f18cca11fa71f44580773082bbba49cc8a1a829e80c
tomcat5-common-lib-5.5.33-36_patch_09.ep5.el6.noarch.rpm     MD5: b8dd1d1cdc132f202525300f9db4e80d
SHA-256: 6e40a7f3dba5aa04de3a9155f1c35a2123773af645dda72748a933035202c1a1
tomcat5-jasper-5.5.33-36_patch_09.ep5.el6.noarch.rpm     MD5: 74af81573b3d81157220a2ef3ef93414
SHA-256: 945f2c3c3427ad685a61e2424cf61d7d842cbadb745b4eaef3cac55d7ce2216d
tomcat5-jasper-eclipse-5.5.33-36_patch_09.ep5.el6.noarch.rpm     MD5: fc2a0932229f6a28c3c3ecf09c2ff8aa
SHA-256: 3d1a813096667fedbfdf22f27fa3e442bda33f41e46a60093a7ab3e3e9220739
tomcat5-jasper-javadoc-5.5.33-36_patch_09.ep5.el6.noarch.rpm     MD5: b279d22b36bbbe3fba1e97ddb442d4ba
SHA-256: 028487cd175edd25af2efca991b4364d545ba2bb6dfaf635572ff05f671ec07d
tomcat5-jsp-2.0-api-5.5.33-36_patch_09.ep5.el6.noarch.rpm     MD5: 766c0046a9c3de16cd41991443c82269
SHA-256: d6ea3f15f8a1867e21b35df6ce6e14a8e0895358fec362f12df89e9a4a288e3c
tomcat5-jsp-2.0-api-javadoc-5.5.33-36_patch_09.ep5.el6.noarch.rpm     MD5: bf33f6f287424244a5a87074dd368091
SHA-256: 859b45315ca72504b05737f811733cc9c5747b4a2b1c770c904aab0344b4d54a
tomcat5-parent-5.5.33-36_patch_09.ep5.el6.noarch.rpm     MD5: cf8ed0c0069147530c986981cf0f9acb
SHA-256: ab102f43695e208d154e88c0526873a2315afd9babb9908dd67dcb00698d69ce
tomcat5-server-lib-5.5.33-36_patch_09.ep5.el6.noarch.rpm     MD5: 7626e173d1b22f8b409bf83158100bc3
SHA-256: 9b67a431ec7724866602fbba91fb93e0780415cf13f0f3fdf9e548200bd016cc
tomcat5-servlet-2.4-api-5.5.33-36_patch_09.ep5.el6.noarch.rpm     MD5: 47fe04d722f227434b484c1a4e487214
SHA-256: 643e4831456fd7646ac717da40850822230fc3f940d0750fb1466317aa5752a8
tomcat5-servlet-2.4-api-javadoc-5.5.33-36_patch_09.ep5.el6.noarch.rpm     MD5: 3754574c0e8236e85576d2c2f58a1121
SHA-256: c14be80864a171f0ecc971f3f3579d6aa7fe4373eb0631dcb1979a4a669e229d
tomcat5-webapps-5.5.33-36_patch_09.ep5.el6.noarch.rpm     MD5: 5912d7e49244e739271b480e357028a2
SHA-256: e6de770ae676c9255fb2c7366bce4f61300ed27b4abd66c03a876dcc53e60af4
tomcat6-6.0.32-35_patch_09.ep5.el6.noarch.rpm     MD5: 09d1178dea2e10b4972900bb51ae165e
SHA-256: b02f717a1f0315e078887fea830ee1a7c5ea21c652da5f69320b02cda6fbccfa
tomcat6-admin-webapps-6.0.32-35_patch_09.ep5.el6.noarch.rpm     MD5: 454d07382d037230fb336bdc10dec985
SHA-256: 7d5766a1c072d52679760178cbdb03bbfd8adadec176aef8f45716ea95688d23
tomcat6-docs-webapp-6.0.32-35_patch_09.ep5.el6.noarch.rpm     MD5: 746a85d0fe6dc7c82a12ac8b3a3abc10
SHA-256: be6701a691533f6a1ea1bc9d7a1300c01e8cdbd35bd8fe5c2ef71b63d0a8c095
tomcat6-el-1.0-api-6.0.32-35_patch_09.ep5.el6.noarch.rpm     MD5: 061bcb7b72242e07325e821a6bf9f077
SHA-256: 2a8a4398137ef54c06be4b78cfbbc5a0a24d4c87f1f9027ada157c6e4867a6a2
tomcat6-javadoc-6.0.32-35_patch_09.ep5.el6.noarch.rpm     MD5: 78ab8157a876d0a0d3cc4ae9be3f3f41
SHA-256: 8df00d71338ea3f71d769da540e0b8594dcff1e23ed49b166633a8d244b82423
tomcat6-jsp-2.1-api-6.0.32-35_patch_09.ep5.el6.noarch.rpm     MD5: 1347b5f71fc98dc7169967b21a7bf1fe
SHA-256: 5d090881250d9a05fe4b448a6281cd1060edb529ba86ee9365372de36c9153a5
tomcat6-lib-6.0.32-35_patch_09.ep5.el6.noarch.rpm     MD5: 0e9d0eccaf48751b6b72d3632ac8f015
SHA-256: 08a75f86c82c14f837bee07b54cd72af8bf86bd1094752cb2f2e8d2dba64c50e
tomcat6-log4j-6.0.32-35_patch_09.ep5.el6.noarch.rpm     MD5: f55be41bd05a75018f344460e2c69c6e
SHA-256: 2312a19d2143f3c5fbdaa4e0528026a878b677a8abe131e48f2e3d7b59577e03
tomcat6-servlet-2.5-api-6.0.32-35_patch_09.ep5.el6.noarch.rpm     MD5: b44ea869fe05b3d3fa94d4b4610738ef
SHA-256: 49b3637d4dcda7168bb9483a3f59afc1240d61904ea8075fda48702beed6c49e
tomcat6-webapps-6.0.32-35_patch_09.ep5.el6.noarch.rpm     MD5: 59ae5f59af488e7561529656712286d9
SHA-256: 85d19388ac65e9cd0bad8683f2eab713efcfc26b448bd086918a0fae010999e6
 
x86_64:
tomcat5-5.5.33-36_patch_09.ep5.el6.noarch.rpm     MD5: 02da29fc3e9f21516d1907dda6f88c16
SHA-256: a7c6798d5188b16f291da4d9fdea10923fba9fba50abae029f96bf3c98288cc1
tomcat5-admin-webapps-5.5.33-36_patch_09.ep5.el6.noarch.rpm     MD5: 53482e53dd04a554b5f86de54dbddb2e
SHA-256: 7c94b805df583dd6c6713f18cca11fa71f44580773082bbba49cc8a1a829e80c
tomcat5-common-lib-5.5.33-36_patch_09.ep5.el6.noarch.rpm     MD5: b8dd1d1cdc132f202525300f9db4e80d
SHA-256: 6e40a7f3dba5aa04de3a9155f1c35a2123773af645dda72748a933035202c1a1
tomcat5-jasper-5.5.33-36_patch_09.ep5.el6.noarch.rpm     MD5: 74af81573b3d81157220a2ef3ef93414
SHA-256: 945f2c3c3427ad685a61e2424cf61d7d842cbadb745b4eaef3cac55d7ce2216d
tomcat5-jasper-eclipse-5.5.33-36_patch_09.ep5.el6.noarch.rpm     MD5: fc2a0932229f6a28c3c3ecf09c2ff8aa
SHA-256: 3d1a813096667fedbfdf22f27fa3e442bda33f41e46a60093a7ab3e3e9220739
tomcat5-jasper-javadoc-5.5.33-36_patch_09.ep5.el6.noarch.rpm     MD5: b279d22b36bbbe3fba1e97ddb442d4ba
SHA-256: 028487cd175edd25af2efca991b4364d545ba2bb6dfaf635572ff05f671ec07d
tomcat5-jsp-2.0-api-5.5.33-36_patch_09.ep5.el6.noarch.rpm     MD5: 766c0046a9c3de16cd41991443c82269
SHA-256: d6ea3f15f8a1867e21b35df6ce6e14a8e0895358fec362f12df89e9a4a288e3c
tomcat5-jsp-2.0-api-javadoc-5.5.33-36_patch_09.ep5.el6.noarch.rpm     MD5: bf33f6f287424244a5a87074dd368091
SHA-256: 859b45315ca72504b05737f811733cc9c5747b4a2b1c770c904aab0344b4d54a
tomcat5-parent-5.5.33-36_patch_09.ep5.el6.noarch.rpm     MD5: cf8ed0c0069147530c986981cf0f9acb
SHA-256: ab102f43695e208d154e88c0526873a2315afd9babb9908dd67dcb00698d69ce
tomcat5-server-lib-5.5.33-36_patch_09.ep5.el6.noarch.rpm     MD5: 7626e173d1b22f8b409bf83158100bc3
SHA-256: 9b67a431ec7724866602fbba91fb93e0780415cf13f0f3fdf9e548200bd016cc
tomcat5-servlet-2.4-api-5.5.33-36_patch_09.ep5.el6.noarch.rpm     MD5: 47fe04d722f227434b484c1a4e487214
SHA-256: 643e4831456fd7646ac717da40850822230fc3f940d0750fb1466317aa5752a8
tomcat5-servlet-2.4-api-javadoc-5.5.33-36_patch_09.ep5.el6.noarch.rpm     MD5: 3754574c0e8236e85576d2c2f58a1121
SHA-256: c14be80864a171f0ecc971f3f3579d6aa7fe4373eb0631dcb1979a4a669e229d
tomcat5-webapps-5.5.33-36_patch_09.ep5.el6.noarch.rpm     MD5: 5912d7e49244e739271b480e357028a2
SHA-256: e6de770ae676c9255fb2c7366bce4f61300ed27b4abd66c03a876dcc53e60af4
tomcat6-6.0.32-35_patch_09.ep5.el6.noarch.rpm     MD5: 09d1178dea2e10b4972900bb51ae165e
SHA-256: b02f717a1f0315e078887fea830ee1a7c5ea21c652da5f69320b02cda6fbccfa
tomcat6-admin-webapps-6.0.32-35_patch_09.ep5.el6.noarch.rpm     MD5: 454d07382d037230fb336bdc10dec985
SHA-256: 7d5766a1c072d52679760178cbdb03bbfd8adadec176aef8f45716ea95688d23
tomcat6-docs-webapp-6.0.32-35_patch_09.ep5.el6.noarch.rpm     MD5: 746a85d0fe6dc7c82a12ac8b3a3abc10
SHA-256: be6701a691533f6a1ea1bc9d7a1300c01e8cdbd35bd8fe5c2ef71b63d0a8c095
tomcat6-el-1.0-api-6.0.32-35_patch_09.ep5.el6.noarch.rpm     MD5: 061bcb7b72242e07325e821a6bf9f077
SHA-256: 2a8a4398137ef54c06be4b78cfbbc5a0a24d4c87f1f9027ada157c6e4867a6a2
tomcat6-javadoc-6.0.32-35_patch_09.ep5.el6.noarch.rpm     MD5: 78ab8157a876d0a0d3cc4ae9be3f3f41
SHA-256: 8df00d71338ea3f71d769da540e0b8594dcff1e23ed49b166633a8d244b82423
tomcat6-jsp-2.1-api-6.0.32-35_patch_09.ep5.el6.noarch.rpm     MD5: 1347b5f71fc98dc7169967b21a7bf1fe
SHA-256: 5d090881250d9a05fe4b448a6281cd1060edb529ba86ee9365372de36c9153a5
tomcat6-lib-6.0.32-35_patch_09.ep5.el6.noarch.rpm     MD5: 0e9d0eccaf48751b6b72d3632ac8f015
SHA-256: 08a75f86c82c14f837bee07b54cd72af8bf86bd1094752cb2f2e8d2dba64c50e
tomcat6-log4j-6.0.32-35_patch_09.ep5.el6.noarch.rpm     MD5: f55be41bd05a75018f344460e2c69c6e
SHA-256: 2312a19d2143f3c5fbdaa4e0528026a878b677a8abe131e48f2e3d7b59577e03
tomcat6-servlet-2.5-api-6.0.32-35_patch_09.ep5.el6.noarch.rpm     MD5: b44ea869fe05b3d3fa94d4b4610738ef
SHA-256: 49b3637d4dcda7168bb9483a3f59afc1240d61904ea8075fda48702beed6c49e
tomcat6-webapps-6.0.32-35_patch_09.ep5.el6.noarch.rpm     MD5: 59ae5f59af488e7561529656712286d9
SHA-256: 85d19388ac65e9cd0bad8683f2eab713efcfc26b448bd086918a0fae010999e6
 
(The unlinked packages above are only available from the Red Hat Network)

Bugs fixed (see bugzilla for more information)

927622 - CVE-2013-1976 tomcat: Improper TOMCAT_LOG management in init script (DoS, ACE)


References



These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from:
https://www.redhat.com/security/team/key/#package

The Red Hat security contact is secalert@redhat.com. More contact details at http://www.redhat.com/security/team/contact/