Security Advisory Moderate: tomcat6 security update

Advisory: RHSA-2014:0429-1
Type: Security Advisory
Severity: Moderate
Issued on: 2014-04-23
Last updated on: 2014-04-23
Affected Products: Red Hat Enterprise Linux Desktop (v. 6)
Red Hat Enterprise Linux HPC Node (v. 6)
Red Hat Enterprise Linux Server (v. 6)
Red Hat Enterprise Linux Server AUS (v. 6.5)
Red Hat Enterprise Linux Server EUS (v. 6.5.z)
Red Hat Enterprise Linux Workstation (v. 6)
CVEs (cve.mitre.org): CVE-2013-4286
CVE-2013-4322
CVE-2014-0050

Details

Updated tomcat6 packages that fix three security issues are now available
for Red Hat Enterprise Linux 6.

The Red Hat Security Response Team has rated this update as having Moderate
security impact. Common Vulnerability Scoring System (CVSS) base scores,
which give detailed severity ratings, are available for each vulnerability
from the CVE links in the References section.

Apache Tomcat is a servlet container for the Java Servlet and JavaServer
Pages (JSP) technologies.

It was found that when Tomcat processed a series of HTTP requests in which
at least one request contained either multiple content-length headers, or
one content-length header with a chunked transfer-encoding header, Tomcat
would incorrectly handle the request. A remote attacker could use this flaw
to poison a web cache, perform cross-site scripting (XSS) attacks, or
obtain sensitive information from other requests. (CVE-2013-4286)

It was discovered that the fix for CVE-2012-3544 did not properly resolve a
denial of service flaw in the way Tomcat processed chunk extensions and
trailing headers in chunked requests. A remote attacker could use this flaw
to send an excessively long request that, when processed by Tomcat, could
consume network bandwidth, CPU, and memory on the Tomcat server. Note that
chunked transfer encoding is enabled by default. (CVE-2013-4322)

A denial of service flaw was found in the way Apache Commons FileUpload
handled small-sized buffers used by MultipartStream. A remote attacker
could use this flaw to create a malformed Content-Type header for a
multipart request, causing JBoss Web to enter an infinite loop when
processing such an incoming request. (CVE-2014-0050)

All Tomcat users are advised to upgrade to these updated packages, which
contain backported patches to correct these issues. Tomcat must be
restarted for this update to take effect.


Solution

Before applying this update, make sure all previously released errata
relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the
Red Hat Network to apply this update are available at
https://access.redhat.com/site/articles/11258

Updated packages

Red Hat Enterprise Linux Desktop (v. 6)

SRPMS:
tomcat6-6.0.24-64.el6_5.src.rpm
File outdated by:  RHSA-2014:1038
    MD5: cddcba9bd11b9b57a540907acf4aa9c2
SHA-256: e3bbeb64031c372da7fc1b3991a627f2a000f568cad7b8b16abd952e0364911f
 
IA-32:
tomcat6-6.0.24-64.el6_5.noarch.rpm     MD5: 5392e490dc07ff6ac11bfb2ff2562d82
SHA-256: ddb3cf8b6aa9a40978c0cd9d3e58b3072a0ef63cc725a6f2a85303bfd3fcf232
tomcat6-admin-webapps-6.0.24-64.el6_5.noarch.rpm     MD5: 95fb8da875db7b4e4df25d4bdbde39d1
SHA-256: 5781d160a60f51fa8d52da0fa489b9e7fa2aba947a1148da93c2f67939eeda6d
tomcat6-docs-webapp-6.0.24-64.el6_5.noarch.rpm     MD5: 35d352fac2ade419dd229f8eb7fd6e3c
SHA-256: 9469192388e080f0d1f6e5caabc249e41cc51fdf80fdc2d8ff72eb3ad20975fc
tomcat6-el-2.1-api-6.0.24-64.el6_5.noarch.rpm     MD5: 000ab743711297e42ccfd13822db4d49
SHA-256: 6f9c6e460187e265e8b9d3d78acd24bf76fae184da1be3c876c98465a4ef09db
tomcat6-javadoc-6.0.24-64.el6_5.noarch.rpm     MD5: a5c982131487a77e3c2d06e64a095505
SHA-256: 4a202c54d8be845d203024e8f369e5a250a18fbc4c4a95ab835629480cd64808
tomcat6-jsp-2.1-api-6.0.24-64.el6_5.noarch.rpm     MD5: 9021d69fc59fe66c457b55d5212d3231
SHA-256: 63e04f3db6619cc8e0239f4eeb1c3a30e4c70f0514b97baba0be13d90ed1336f
tomcat6-lib-6.0.24-64.el6_5.noarch.rpm     MD5: 7e10180d6d5c86f8468352fc2f707572
SHA-256: c19d6883d100d59f1b97f5d1eca48c00e38ae8a3812fed9f677f6aa07c775619
tomcat6-servlet-2.5-api-6.0.24-64.el6_5.noarch.rpm     MD5: cc4cb6a94b45d15a23154fc6062e76b9
SHA-256: 4452db6922924bc6a4ef8b1c0c0a45474700d46b089034bb258c8c7509b9e87d
tomcat6-webapps-6.0.24-64.el6_5.noarch.rpm     MD5: 561e22e084dee819989e4435a75d81c3
SHA-256: 7da14b196b34128b6199a58b194ad8bfda883587f62e8529cb1d593e726ddded
 
x86_64:
tomcat6-6.0.24-64.el6_5.noarch.rpm     MD5: 5392e490dc07ff6ac11bfb2ff2562d82
SHA-256: ddb3cf8b6aa9a40978c0cd9d3e58b3072a0ef63cc725a6f2a85303bfd3fcf232
tomcat6-admin-webapps-6.0.24-64.el6_5.noarch.rpm     MD5: 95fb8da875db7b4e4df25d4bdbde39d1
SHA-256: 5781d160a60f51fa8d52da0fa489b9e7fa2aba947a1148da93c2f67939eeda6d
tomcat6-docs-webapp-6.0.24-64.el6_5.noarch.rpm     MD5: 35d352fac2ade419dd229f8eb7fd6e3c
SHA-256: 9469192388e080f0d1f6e5caabc249e41cc51fdf80fdc2d8ff72eb3ad20975fc
tomcat6-el-2.1-api-6.0.24-64.el6_5.noarch.rpm     MD5: 000ab743711297e42ccfd13822db4d49
SHA-256: 6f9c6e460187e265e8b9d3d78acd24bf76fae184da1be3c876c98465a4ef09db
tomcat6-javadoc-6.0.24-64.el6_5.noarch.rpm     MD5: a5c982131487a77e3c2d06e64a095505
SHA-256: 4a202c54d8be845d203024e8f369e5a250a18fbc4c4a95ab835629480cd64808
tomcat6-jsp-2.1-api-6.0.24-64.el6_5.noarch.rpm     MD5: 9021d69fc59fe66c457b55d5212d3231
SHA-256: 63e04f3db6619cc8e0239f4eeb1c3a30e4c70f0514b97baba0be13d90ed1336f
tomcat6-lib-6.0.24-64.el6_5.noarch.rpm     MD5: 7e10180d6d5c86f8468352fc2f707572
SHA-256: c19d6883d100d59f1b97f5d1eca48c00e38ae8a3812fed9f677f6aa07c775619
tomcat6-servlet-2.5-api-6.0.24-64.el6_5.noarch.rpm     MD5: cc4cb6a94b45d15a23154fc6062e76b9
SHA-256: 4452db6922924bc6a4ef8b1c0c0a45474700d46b089034bb258c8c7509b9e87d
tomcat6-webapps-6.0.24-64.el6_5.noarch.rpm     MD5: 561e22e084dee819989e4435a75d81c3
SHA-256: 7da14b196b34128b6199a58b194ad8bfda883587f62e8529cb1d593e726ddded
 
Red Hat Enterprise Linux HPC Node (v. 6)

SRPMS:
tomcat6-6.0.24-64.el6_5.src.rpm
File outdated by:  RHSA-2014:1038
    MD5: cddcba9bd11b9b57a540907acf4aa9c2
SHA-256: e3bbeb64031c372da7fc1b3991a627f2a000f568cad7b8b16abd952e0364911f
 
x86_64:
tomcat6-6.0.24-64.el6_5.noarch.rpm     MD5: 5392e490dc07ff6ac11bfb2ff2562d82
SHA-256: ddb3cf8b6aa9a40978c0cd9d3e58b3072a0ef63cc725a6f2a85303bfd3fcf232
tomcat6-admin-webapps-6.0.24-64.el6_5.noarch.rpm     MD5: 95fb8da875db7b4e4df25d4bdbde39d1
SHA-256: 5781d160a60f51fa8d52da0fa489b9e7fa2aba947a1148da93c2f67939eeda6d
tomcat6-docs-webapp-6.0.24-64.el6_5.noarch.rpm     MD5: 35d352fac2ade419dd229f8eb7fd6e3c
SHA-256: 9469192388e080f0d1f6e5caabc249e41cc51fdf80fdc2d8ff72eb3ad20975fc
tomcat6-el-2.1-api-6.0.24-64.el6_5.noarch.rpm     MD5: 000ab743711297e42ccfd13822db4d49
SHA-256: 6f9c6e460187e265e8b9d3d78acd24bf76fae184da1be3c876c98465a4ef09db
tomcat6-javadoc-6.0.24-64.el6_5.noarch.rpm     MD5: a5c982131487a77e3c2d06e64a095505
SHA-256: 4a202c54d8be845d203024e8f369e5a250a18fbc4c4a95ab835629480cd64808
tomcat6-jsp-2.1-api-6.0.24-64.el6_5.noarch.rpm     MD5: 9021d69fc59fe66c457b55d5212d3231
SHA-256: 63e04f3db6619cc8e0239f4eeb1c3a30e4c70f0514b97baba0be13d90ed1336f
tomcat6-lib-6.0.24-64.el6_5.noarch.rpm     MD5: 7e10180d6d5c86f8468352fc2f707572
SHA-256: c19d6883d100d59f1b97f5d1eca48c00e38ae8a3812fed9f677f6aa07c775619
tomcat6-servlet-2.5-api-6.0.24-64.el6_5.noarch.rpm     MD5: cc4cb6a94b45d15a23154fc6062e76b9
SHA-256: 4452db6922924bc6a4ef8b1c0c0a45474700d46b089034bb258c8c7509b9e87d
tomcat6-webapps-6.0.24-64.el6_5.noarch.rpm     MD5: 561e22e084dee819989e4435a75d81c3
SHA-256: 7da14b196b34128b6199a58b194ad8bfda883587f62e8529cb1d593e726ddded
 
Red Hat Enterprise Linux Server (v. 6)

SRPMS:
tomcat6-6.0.24-64.el6_5.src.rpm
File outdated by:  RHSA-2014:1038
    MD5: cddcba9bd11b9b57a540907acf4aa9c2
SHA-256: e3bbeb64031c372da7fc1b3991a627f2a000f568cad7b8b16abd952e0364911f
 
IA-32:
tomcat6-6.0.24-64.el6_5.noarch.rpm     MD5: 5392e490dc07ff6ac11bfb2ff2562d82
SHA-256: ddb3cf8b6aa9a40978c0cd9d3e58b3072a0ef63cc725a6f2a85303bfd3fcf232
tomcat6-admin-webapps-6.0.24-64.el6_5.noarch.rpm     MD5: 95fb8da875db7b4e4df25d4bdbde39d1
SHA-256: 5781d160a60f51fa8d52da0fa489b9e7fa2aba947a1148da93c2f67939eeda6d
tomcat6-docs-webapp-6.0.24-64.el6_5.noarch.rpm     MD5: 35d352fac2ade419dd229f8eb7fd6e3c
SHA-256: 9469192388e080f0d1f6e5caabc249e41cc51fdf80fdc2d8ff72eb3ad20975fc
tomcat6-el-2.1-api-6.0.24-64.el6_5.noarch.rpm     MD5: 000ab743711297e42ccfd13822db4d49
SHA-256: 6f9c6e460187e265e8b9d3d78acd24bf76fae184da1be3c876c98465a4ef09db
tomcat6-javadoc-6.0.24-64.el6_5.noarch.rpm     MD5: a5c982131487a77e3c2d06e64a095505
SHA-256: 4a202c54d8be845d203024e8f369e5a250a18fbc4c4a95ab835629480cd64808
tomcat6-jsp-2.1-api-6.0.24-64.el6_5.noarch.rpm     MD5: 9021d69fc59fe66c457b55d5212d3231
SHA-256: 63e04f3db6619cc8e0239f4eeb1c3a30e4c70f0514b97baba0be13d90ed1336f
tomcat6-lib-6.0.24-64.el6_5.noarch.rpm     MD5: 7e10180d6d5c86f8468352fc2f707572
SHA-256: c19d6883d100d59f1b97f5d1eca48c00e38ae8a3812fed9f677f6aa07c775619
tomcat6-servlet-2.5-api-6.0.24-64.el6_5.noarch.rpm     MD5: cc4cb6a94b45d15a23154fc6062e76b9
SHA-256: 4452db6922924bc6a4ef8b1c0c0a45474700d46b089034bb258c8c7509b9e87d
tomcat6-webapps-6.0.24-64.el6_5.noarch.rpm     MD5: 561e22e084dee819989e4435a75d81c3
SHA-256: 7da14b196b34128b6199a58b194ad8bfda883587f62e8529cb1d593e726ddded
 
PPC:
tomcat6-6.0.24-64.el6_5.noarch.rpm     MD5: 5392e490dc07ff6ac11bfb2ff2562d82
SHA-256: ddb3cf8b6aa9a40978c0cd9d3e58b3072a0ef63cc725a6f2a85303bfd3fcf232
tomcat6-admin-webapps-6.0.24-64.el6_5.noarch.rpm     MD5: 95fb8da875db7b4e4df25d4bdbde39d1
SHA-256: 5781d160a60f51fa8d52da0fa489b9e7fa2aba947a1148da93c2f67939eeda6d
tomcat6-docs-webapp-6.0.24-64.el6_5.noarch.rpm     MD5: 35d352fac2ade419dd229f8eb7fd6e3c
SHA-256: 9469192388e080f0d1f6e5caabc249e41cc51fdf80fdc2d8ff72eb3ad20975fc
tomcat6-el-2.1-api-6.0.24-64.el6_5.noarch.rpm     MD5: 000ab743711297e42ccfd13822db4d49
SHA-256: 6f9c6e460187e265e8b9d3d78acd24bf76fae184da1be3c876c98465a4ef09db
tomcat6-javadoc-6.0.24-64.el6_5.noarch.rpm     MD5: a5c982131487a77e3c2d06e64a095505
SHA-256: 4a202c54d8be845d203024e8f369e5a250a18fbc4c4a95ab835629480cd64808
tomcat6-jsp-2.1-api-6.0.24-64.el6_5.noarch.rpm     MD5: 9021d69fc59fe66c457b55d5212d3231
SHA-256: 63e04f3db6619cc8e0239f4eeb1c3a30e4c70f0514b97baba0be13d90ed1336f
tomcat6-lib-6.0.24-64.el6_5.noarch.rpm     MD5: 7e10180d6d5c86f8468352fc2f707572
SHA-256: c19d6883d100d59f1b97f5d1eca48c00e38ae8a3812fed9f677f6aa07c775619
tomcat6-servlet-2.5-api-6.0.24-64.el6_5.noarch.rpm     MD5: cc4cb6a94b45d15a23154fc6062e76b9
SHA-256: 4452db6922924bc6a4ef8b1c0c0a45474700d46b089034bb258c8c7509b9e87d
tomcat6-webapps-6.0.24-64.el6_5.noarch.rpm     MD5: 561e22e084dee819989e4435a75d81c3
SHA-256: 7da14b196b34128b6199a58b194ad8bfda883587f62e8529cb1d593e726ddded
 
s390x:
tomcat6-6.0.24-64.el6_5.noarch.rpm     MD5: 5392e490dc07ff6ac11bfb2ff2562d82
SHA-256: ddb3cf8b6aa9a40978c0cd9d3e58b3072a0ef63cc725a6f2a85303bfd3fcf232
tomcat6-admin-webapps-6.0.24-64.el6_5.noarch.rpm     MD5: 95fb8da875db7b4e4df25d4bdbde39d1
SHA-256: 5781d160a60f51fa8d52da0fa489b9e7fa2aba947a1148da93c2f67939eeda6d
tomcat6-docs-webapp-6.0.24-64.el6_5.noarch.rpm     MD5: 35d352fac2ade419dd229f8eb7fd6e3c
SHA-256: 9469192388e080f0d1f6e5caabc249e41cc51fdf80fdc2d8ff72eb3ad20975fc
tomcat6-el-2.1-api-6.0.24-64.el6_5.noarch.rpm     MD5: 000ab743711297e42ccfd13822db4d49
SHA-256: 6f9c6e460187e265e8b9d3d78acd24bf76fae184da1be3c876c98465a4ef09db
tomcat6-javadoc-6.0.24-64.el6_5.noarch.rpm     MD5: a5c982131487a77e3c2d06e64a095505
SHA-256: 4a202c54d8be845d203024e8f369e5a250a18fbc4c4a95ab835629480cd64808
tomcat6-jsp-2.1-api-6.0.24-64.el6_5.noarch.rpm     MD5: 9021d69fc59fe66c457b55d5212d3231
SHA-256: 63e04f3db6619cc8e0239f4eeb1c3a30e4c70f0514b97baba0be13d90ed1336f
tomcat6-lib-6.0.24-64.el6_5.noarch.rpm     MD5: 7e10180d6d5c86f8468352fc2f707572
SHA-256: c19d6883d100d59f1b97f5d1eca48c00e38ae8a3812fed9f677f6aa07c775619
tomcat6-servlet-2.5-api-6.0.24-64.el6_5.noarch.rpm     MD5: cc4cb6a94b45d15a23154fc6062e76b9
SHA-256: 4452db6922924bc6a4ef8b1c0c0a45474700d46b089034bb258c8c7509b9e87d
tomcat6-webapps-6.0.24-64.el6_5.noarch.rpm     MD5: 561e22e084dee819989e4435a75d81c3
SHA-256: 7da14b196b34128b6199a58b194ad8bfda883587f62e8529cb1d593e726ddded
 
x86_64:
tomcat6-6.0.24-64.el6_5.noarch.rpm     MD5: 5392e490dc07ff6ac11bfb2ff2562d82
SHA-256: ddb3cf8b6aa9a40978c0cd9d3e58b3072a0ef63cc725a6f2a85303bfd3fcf232
tomcat6-admin-webapps-6.0.24-64.el6_5.noarch.rpm     MD5: 95fb8da875db7b4e4df25d4bdbde39d1
SHA-256: 5781d160a60f51fa8d52da0fa489b9e7fa2aba947a1148da93c2f67939eeda6d
tomcat6-docs-webapp-6.0.24-64.el6_5.noarch.rpm     MD5: 35d352fac2ade419dd229f8eb7fd6e3c
SHA-256: 9469192388e080f0d1f6e5caabc249e41cc51fdf80fdc2d8ff72eb3ad20975fc
tomcat6-el-2.1-api-6.0.24-64.el6_5.noarch.rpm     MD5: 000ab743711297e42ccfd13822db4d49
SHA-256: 6f9c6e460187e265e8b9d3d78acd24bf76fae184da1be3c876c98465a4ef09db
tomcat6-javadoc-6.0.24-64.el6_5.noarch.rpm     MD5: a5c982131487a77e3c2d06e64a095505
SHA-256: 4a202c54d8be845d203024e8f369e5a250a18fbc4c4a95ab835629480cd64808
tomcat6-jsp-2.1-api-6.0.24-64.el6_5.noarch.rpm     MD5: 9021d69fc59fe66c457b55d5212d3231
SHA-256: 63e04f3db6619cc8e0239f4eeb1c3a30e4c70f0514b97baba0be13d90ed1336f
tomcat6-lib-6.0.24-64.el6_5.noarch.rpm     MD5: 7e10180d6d5c86f8468352fc2f707572
SHA-256: c19d6883d100d59f1b97f5d1eca48c00e38ae8a3812fed9f677f6aa07c775619
tomcat6-servlet-2.5-api-6.0.24-64.el6_5.noarch.rpm     MD5: cc4cb6a94b45d15a23154fc6062e76b9
SHA-256: 4452db6922924bc6a4ef8b1c0c0a45474700d46b089034bb258c8c7509b9e87d
tomcat6-webapps-6.0.24-64.el6_5.noarch.rpm     MD5: 561e22e084dee819989e4435a75d81c3
SHA-256: 7da14b196b34128b6199a58b194ad8bfda883587f62e8529cb1d593e726ddded
 
Red Hat Enterprise Linux Server AUS (v. 6.5)

SRPMS:
tomcat6-6.0.24-64.el6_5.src.rpm
File outdated by:  RHSA-2014:1038
    MD5: cddcba9bd11b9b57a540907acf4aa9c2
SHA-256: e3bbeb64031c372da7fc1b3991a627f2a000f568cad7b8b16abd952e0364911f
 
x86_64:
tomcat6-6.0.24-64.el6_5.noarch.rpm
File outdated by:  RHSA-2014:1038
    MD5: 5392e490dc07ff6ac11bfb2ff2562d82
SHA-256: ddb3cf8b6aa9a40978c0cd9d3e58b3072a0ef63cc725a6f2a85303bfd3fcf232
tomcat6-admin-webapps-6.0.24-64.el6_5.noarch.rpm
File outdated by:  RHSA-2014:1038
    MD5: 95fb8da875db7b4e4df25d4bdbde39d1
SHA-256: 5781d160a60f51fa8d52da0fa489b9e7fa2aba947a1148da93c2f67939eeda6d
tomcat6-docs-webapp-6.0.24-64.el6_5.noarch.rpm
File outdated by:  RHSA-2014:1038
    MD5: 35d352fac2ade419dd229f8eb7fd6e3c
SHA-256: 9469192388e080f0d1f6e5caabc249e41cc51fdf80fdc2d8ff72eb3ad20975fc
tomcat6-el-2.1-api-6.0.24-64.el6_5.noarch.rpm
File outdated by:  RHSA-2014:1038
    MD5: 000ab743711297e42ccfd13822db4d49
SHA-256: 6f9c6e460187e265e8b9d3d78acd24bf76fae184da1be3c876c98465a4ef09db
tomcat6-javadoc-6.0.24-64.el6_5.noarch.rpm
File outdated by:  RHSA-2014:1038
    MD5: a5c982131487a77e3c2d06e64a095505
SHA-256: 4a202c54d8be845d203024e8f369e5a250a18fbc4c4a95ab835629480cd64808
tomcat6-jsp-2.1-api-6.0.24-64.el6_5.noarch.rpm
File outdated by:  RHSA-2014:1038
    MD5: 9021d69fc59fe66c457b55d5212d3231
SHA-256: 63e04f3db6619cc8e0239f4eeb1c3a30e4c70f0514b97baba0be13d90ed1336f
tomcat6-lib-6.0.24-64.el6_5.noarch.rpm
File outdated by:  RHSA-2014:1038
    MD5: 7e10180d6d5c86f8468352fc2f707572
SHA-256: c19d6883d100d59f1b97f5d1eca48c00e38ae8a3812fed9f677f6aa07c775619
tomcat6-servlet-2.5-api-6.0.24-64.el6_5.noarch.rpm
File outdated by:  RHSA-2014:1038
    MD5: cc4cb6a94b45d15a23154fc6062e76b9
SHA-256: 4452db6922924bc6a4ef8b1c0c0a45474700d46b089034bb258c8c7509b9e87d
tomcat6-webapps-6.0.24-64.el6_5.noarch.rpm
File outdated by:  RHSA-2014:1038
    MD5: 561e22e084dee819989e4435a75d81c3
SHA-256: 7da14b196b34128b6199a58b194ad8bfda883587f62e8529cb1d593e726ddded
 
Red Hat Enterprise Linux Server EUS (v. 6.5.z)

SRPMS:
tomcat6-6.0.24-64.el6_5.src.rpm
File outdated by:  RHSA-2014:1038
    MD5: cddcba9bd11b9b57a540907acf4aa9c2
SHA-256: e3bbeb64031c372da7fc1b3991a627f2a000f568cad7b8b16abd952e0364911f
 
IA-32:
tomcat6-6.0.24-64.el6_5.noarch.rpm
File outdated by:  RHSA-2014:1038
    MD5: 5392e490dc07ff6ac11bfb2ff2562d82
SHA-256: ddb3cf8b6aa9a40978c0cd9d3e58b3072a0ef63cc725a6f2a85303bfd3fcf232
tomcat6-admin-webapps-6.0.24-64.el6_5.noarch.rpm
File outdated by:  RHSA-2014:1038
    MD5: 95fb8da875db7b4e4df25d4bdbde39d1
SHA-256: 5781d160a60f51fa8d52da0fa489b9e7fa2aba947a1148da93c2f67939eeda6d
tomcat6-docs-webapp-6.0.24-64.el6_5.noarch.rpm
File outdated by:  RHSA-2014:1038
    MD5: 35d352fac2ade419dd229f8eb7fd6e3c
SHA-256: 9469192388e080f0d1f6e5caabc249e41cc51fdf80fdc2d8ff72eb3ad20975fc
tomcat6-el-2.1-api-6.0.24-64.el6_5.noarch.rpm
File outdated by:  RHSA-2014:1038
    MD5: 000ab743711297e42ccfd13822db4d49
SHA-256: 6f9c6e460187e265e8b9d3d78acd24bf76fae184da1be3c876c98465a4ef09db
tomcat6-javadoc-6.0.24-64.el6_5.noarch.rpm
File outdated by:  RHSA-2014:1038
    MD5: a5c982131487a77e3c2d06e64a095505
SHA-256: 4a202c54d8be845d203024e8f369e5a250a18fbc4c4a95ab835629480cd64808
tomcat6-jsp-2.1-api-6.0.24-64.el6_5.noarch.rpm
File outdated by:  RHSA-2014:1038
    MD5: 9021d69fc59fe66c457b55d5212d3231
SHA-256: 63e04f3db6619cc8e0239f4eeb1c3a30e4c70f0514b97baba0be13d90ed1336f
tomcat6-lib-6.0.24-64.el6_5.noarch.rpm
File outdated by:  RHSA-2014:1038
    MD5: 7e10180d6d5c86f8468352fc2f707572
SHA-256: c19d6883d100d59f1b97f5d1eca48c00e38ae8a3812fed9f677f6aa07c775619
tomcat6-servlet-2.5-api-6.0.24-64.el6_5.noarch.rpm
File outdated by:  RHSA-2014:1038
    MD5: cc4cb6a94b45d15a23154fc6062e76b9
SHA-256: 4452db6922924bc6a4ef8b1c0c0a45474700d46b089034bb258c8c7509b9e87d
tomcat6-webapps-6.0.24-64.el6_5.noarch.rpm
File outdated by:  RHSA-2014:1038
    MD5: 561e22e084dee819989e4435a75d81c3
SHA-256: 7da14b196b34128b6199a58b194ad8bfda883587f62e8529cb1d593e726ddded
 
PPC:
tomcat6-6.0.24-64.el6_5.noarch.rpm
File outdated by:  RHSA-2014:1038
    MD5: 5392e490dc07ff6ac11bfb2ff2562d82
SHA-256: ddb3cf8b6aa9a40978c0cd9d3e58b3072a0ef63cc725a6f2a85303bfd3fcf232
tomcat6-admin-webapps-6.0.24-64.el6_5.noarch.rpm
File outdated by:  RHSA-2014:1038
    MD5: 95fb8da875db7b4e4df25d4bdbde39d1
SHA-256: 5781d160a60f51fa8d52da0fa489b9e7fa2aba947a1148da93c2f67939eeda6d
tomcat6-docs-webapp-6.0.24-64.el6_5.noarch.rpm
File outdated by:  RHSA-2014:1038
    MD5: 35d352fac2ade419dd229f8eb7fd6e3c
SHA-256: 9469192388e080f0d1f6e5caabc249e41cc51fdf80fdc2d8ff72eb3ad20975fc
tomcat6-el-2.1-api-6.0.24-64.el6_5.noarch.rpm
File outdated by:  RHSA-2014:1038
    MD5: 000ab743711297e42ccfd13822db4d49
SHA-256: 6f9c6e460187e265e8b9d3d78acd24bf76fae184da1be3c876c98465a4ef09db
tomcat6-javadoc-6.0.24-64.el6_5.noarch.rpm
File outdated by:  RHSA-2014:1038
    MD5: a5c982131487a77e3c2d06e64a095505
SHA-256: 4a202c54d8be845d203024e8f369e5a250a18fbc4c4a95ab835629480cd64808
tomcat6-jsp-2.1-api-6.0.24-64.el6_5.noarch.rpm
File outdated by:  RHSA-2014:1038
    MD5: 9021d69fc59fe66c457b55d5212d3231
SHA-256: 63e04f3db6619cc8e0239f4eeb1c3a30e4c70f0514b97baba0be13d90ed1336f
tomcat6-lib-6.0.24-64.el6_5.noarch.rpm
File outdated by:  RHSA-2014:1038
    MD5: 7e10180d6d5c86f8468352fc2f707572
SHA-256: c19d6883d100d59f1b97f5d1eca48c00e38ae8a3812fed9f677f6aa07c775619
tomcat6-servlet-2.5-api-6.0.24-64.el6_5.noarch.rpm
File outdated by:  RHSA-2014:1038
    MD5: cc4cb6a94b45d15a23154fc6062e76b9
SHA-256: 4452db6922924bc6a4ef8b1c0c0a45474700d46b089034bb258c8c7509b9e87d
tomcat6-webapps-6.0.24-64.el6_5.noarch.rpm
File outdated by:  RHSA-2014:1038
    MD5: 561e22e084dee819989e4435a75d81c3
SHA-256: 7da14b196b34128b6199a58b194ad8bfda883587f62e8529cb1d593e726ddded
 
s390x:
tomcat6-6.0.24-64.el6_5.noarch.rpm
File outdated by:  RHSA-2014:1038
    MD5: 5392e490dc07ff6ac11bfb2ff2562d82
SHA-256: ddb3cf8b6aa9a40978c0cd9d3e58b3072a0ef63cc725a6f2a85303bfd3fcf232
tomcat6-admin-webapps-6.0.24-64.el6_5.noarch.rpm
File outdated by:  RHSA-2014:1038
    MD5: 95fb8da875db7b4e4df25d4bdbde39d1
SHA-256: 5781d160a60f51fa8d52da0fa489b9e7fa2aba947a1148da93c2f67939eeda6d
tomcat6-docs-webapp-6.0.24-64.el6_5.noarch.rpm
File outdated by:  RHSA-2014:1038
    MD5: 35d352fac2ade419dd229f8eb7fd6e3c
SHA-256: 9469192388e080f0d1f6e5caabc249e41cc51fdf80fdc2d8ff72eb3ad20975fc
tomcat6-el-2.1-api-6.0.24-64.el6_5.noarch.rpm
File outdated by:  RHSA-2014:1038
    MD5: 000ab743711297e42ccfd13822db4d49
SHA-256: 6f9c6e460187e265e8b9d3d78acd24bf76fae184da1be3c876c98465a4ef09db
tomcat6-javadoc-6.0.24-64.el6_5.noarch.rpm
File outdated by:  RHSA-2014:1038
    MD5: a5c982131487a77e3c2d06e64a095505
SHA-256: 4a202c54d8be845d203024e8f369e5a250a18fbc4c4a95ab835629480cd64808
tomcat6-jsp-2.1-api-6.0.24-64.el6_5.noarch.rpm
File outdated by:  RHSA-2014:1038
    MD5: 9021d69fc59fe66c457b55d5212d3231
SHA-256: 63e04f3db6619cc8e0239f4eeb1c3a30e4c70f0514b97baba0be13d90ed1336f
tomcat6-lib-6.0.24-64.el6_5.noarch.rpm
File outdated by:  RHSA-2014:1038
    MD5: 7e10180d6d5c86f8468352fc2f707572
SHA-256: c19d6883d100d59f1b97f5d1eca48c00e38ae8a3812fed9f677f6aa07c775619
tomcat6-servlet-2.5-api-6.0.24-64.el6_5.noarch.rpm
File outdated by:  RHSA-2014:1038
    MD5: cc4cb6a94b45d15a23154fc6062e76b9
SHA-256: 4452db6922924bc6a4ef8b1c0c0a45474700d46b089034bb258c8c7509b9e87d
tomcat6-webapps-6.0.24-64.el6_5.noarch.rpm
File outdated by:  RHSA-2014:1038
    MD5: 561e22e084dee819989e4435a75d81c3
SHA-256: 7da14b196b34128b6199a58b194ad8bfda883587f62e8529cb1d593e726ddded
 
x86_64:
tomcat6-6.0.24-64.el6_5.noarch.rpm
File outdated by:  RHSA-2014:1038
    MD5: 5392e490dc07ff6ac11bfb2ff2562d82
SHA-256: ddb3cf8b6aa9a40978c0cd9d3e58b3072a0ef63cc725a6f2a85303bfd3fcf232
tomcat6-admin-webapps-6.0.24-64.el6_5.noarch.rpm
File outdated by:  RHSA-2014:1038
    MD5: 95fb8da875db7b4e4df25d4bdbde39d1
SHA-256: 5781d160a60f51fa8d52da0fa489b9e7fa2aba947a1148da93c2f67939eeda6d
tomcat6-docs-webapp-6.0.24-64.el6_5.noarch.rpm
File outdated by:  RHSA-2014:1038
    MD5: 35d352fac2ade419dd229f8eb7fd6e3c
SHA-256: 9469192388e080f0d1f6e5caabc249e41cc51fdf80fdc2d8ff72eb3ad20975fc
tomcat6-el-2.1-api-6.0.24-64.el6_5.noarch.rpm
File outdated by:  RHSA-2014:1038
    MD5: 000ab743711297e42ccfd13822db4d49
SHA-256: 6f9c6e460187e265e8b9d3d78acd24bf76fae184da1be3c876c98465a4ef09db
tomcat6-javadoc-6.0.24-64.el6_5.noarch.rpm
File outdated by:  RHSA-2014:1038
    MD5: a5c982131487a77e3c2d06e64a095505
SHA-256: 4a202c54d8be845d203024e8f369e5a250a18fbc4c4a95ab835629480cd64808
tomcat6-jsp-2.1-api-6.0.24-64.el6_5.noarch.rpm
File outdated by:  RHSA-2014:1038
    MD5: 9021d69fc59fe66c457b55d5212d3231
SHA-256: 63e04f3db6619cc8e0239f4eeb1c3a30e4c70f0514b97baba0be13d90ed1336f
tomcat6-lib-6.0.24-64.el6_5.noarch.rpm
File outdated by:  RHSA-2014:1038
    MD5: 7e10180d6d5c86f8468352fc2f707572
SHA-256: c19d6883d100d59f1b97f5d1eca48c00e38ae8a3812fed9f677f6aa07c775619
tomcat6-servlet-2.5-api-6.0.24-64.el6_5.noarch.rpm
File outdated by:  RHSA-2014:1038
    MD5: cc4cb6a94b45d15a23154fc6062e76b9
SHA-256: 4452db6922924bc6a4ef8b1c0c0a45474700d46b089034bb258c8c7509b9e87d
tomcat6-webapps-6.0.24-64.el6_5.noarch.rpm
File outdated by:  RHSA-2014:1038
    MD5: 561e22e084dee819989e4435a75d81c3
SHA-256: 7da14b196b34128b6199a58b194ad8bfda883587f62e8529cb1d593e726ddded
 
Red Hat Enterprise Linux Workstation (v. 6)

SRPMS:
tomcat6-6.0.24-64.el6_5.src.rpm
File outdated by:  RHSA-2014:1038
    MD5: cddcba9bd11b9b57a540907acf4aa9c2
SHA-256: e3bbeb64031c372da7fc1b3991a627f2a000f568cad7b8b16abd952e0364911f
 
IA-32:
tomcat6-6.0.24-64.el6_5.noarch.rpm     MD5: 5392e490dc07ff6ac11bfb2ff2562d82
SHA-256: ddb3cf8b6aa9a40978c0cd9d3e58b3072a0ef63cc725a6f2a85303bfd3fcf232
tomcat6-admin-webapps-6.0.24-64.el6_5.noarch.rpm     MD5: 95fb8da875db7b4e4df25d4bdbde39d1
SHA-256: 5781d160a60f51fa8d52da0fa489b9e7fa2aba947a1148da93c2f67939eeda6d
tomcat6-docs-webapp-6.0.24-64.el6_5.noarch.rpm     MD5: 35d352fac2ade419dd229f8eb7fd6e3c
SHA-256: 9469192388e080f0d1f6e5caabc249e41cc51fdf80fdc2d8ff72eb3ad20975fc
tomcat6-el-2.1-api-6.0.24-64.el6_5.noarch.rpm     MD5: 000ab743711297e42ccfd13822db4d49
SHA-256: 6f9c6e460187e265e8b9d3d78acd24bf76fae184da1be3c876c98465a4ef09db
tomcat6-javadoc-6.0.24-64.el6_5.noarch.rpm     MD5: a5c982131487a77e3c2d06e64a095505
SHA-256: 4a202c54d8be845d203024e8f369e5a250a18fbc4c4a95ab835629480cd64808
tomcat6-jsp-2.1-api-6.0.24-64.el6_5.noarch.rpm     MD5: 9021d69fc59fe66c457b55d5212d3231
SHA-256: 63e04f3db6619cc8e0239f4eeb1c3a30e4c70f0514b97baba0be13d90ed1336f
tomcat6-lib-6.0.24-64.el6_5.noarch.rpm     MD5: 7e10180d6d5c86f8468352fc2f707572
SHA-256: c19d6883d100d59f1b97f5d1eca48c00e38ae8a3812fed9f677f6aa07c775619
tomcat6-servlet-2.5-api-6.0.24-64.el6_5.noarch.rpm     MD5: cc4cb6a94b45d15a23154fc6062e76b9
SHA-256: 4452db6922924bc6a4ef8b1c0c0a45474700d46b089034bb258c8c7509b9e87d
tomcat6-webapps-6.0.24-64.el6_5.noarch.rpm     MD5: 561e22e084dee819989e4435a75d81c3
SHA-256: 7da14b196b34128b6199a58b194ad8bfda883587f62e8529cb1d593e726ddded
 
x86_64:
tomcat6-6.0.24-64.el6_5.noarch.rpm     MD5: 5392e490dc07ff6ac11bfb2ff2562d82
SHA-256: ddb3cf8b6aa9a40978c0cd9d3e58b3072a0ef63cc725a6f2a85303bfd3fcf232
tomcat6-admin-webapps-6.0.24-64.el6_5.noarch.rpm     MD5: 95fb8da875db7b4e4df25d4bdbde39d1
SHA-256: 5781d160a60f51fa8d52da0fa489b9e7fa2aba947a1148da93c2f67939eeda6d
tomcat6-docs-webapp-6.0.24-64.el6_5.noarch.rpm     MD5: 35d352fac2ade419dd229f8eb7fd6e3c
SHA-256: 9469192388e080f0d1f6e5caabc249e41cc51fdf80fdc2d8ff72eb3ad20975fc
tomcat6-el-2.1-api-6.0.24-64.el6_5.noarch.rpm     MD5: 000ab743711297e42ccfd13822db4d49
SHA-256: 6f9c6e460187e265e8b9d3d78acd24bf76fae184da1be3c876c98465a4ef09db
tomcat6-javadoc-6.0.24-64.el6_5.noarch.rpm     MD5: a5c982131487a77e3c2d06e64a095505
SHA-256: 4a202c54d8be845d203024e8f369e5a250a18fbc4c4a95ab835629480cd64808
tomcat6-jsp-2.1-api-6.0.24-64.el6_5.noarch.rpm     MD5: 9021d69fc59fe66c457b55d5212d3231
SHA-256: 63e04f3db6619cc8e0239f4eeb1c3a30e4c70f0514b97baba0be13d90ed1336f
tomcat6-lib-6.0.24-64.el6_5.noarch.rpm     MD5: 7e10180d6d5c86f8468352fc2f707572
SHA-256: c19d6883d100d59f1b97f5d1eca48c00e38ae8a3812fed9f677f6aa07c775619
tomcat6-servlet-2.5-api-6.0.24-64.el6_5.noarch.rpm     MD5: cc4cb6a94b45d15a23154fc6062e76b9
SHA-256: 4452db6922924bc6a4ef8b1c0c0a45474700d46b089034bb258c8c7509b9e87d
tomcat6-webapps-6.0.24-64.el6_5.noarch.rpm     MD5: 561e22e084dee819989e4435a75d81c3
SHA-256: 7da14b196b34128b6199a58b194ad8bfda883587f62e8529cb1d593e726ddded
 
(The unlinked packages above are only available from the Red Hat Network)

Bugs fixed (see bugzilla for more information)

1062337 - CVE-2014-0050 apache-commons-fileupload: denial of service due to too-small buffer size used by MultipartStream
1069905 - CVE-2013-4322 tomcat: incomplete fix for CVE-2012-3544
1069921 - CVE-2013-4286 tomcat: multiple content-length header poisoning flaws


References



These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from:
https://www.redhat.com/security/team/key/#package

The Red Hat security contact is secalert@redhat.com. More contact details at http://www.redhat.com/security/team/contact/