diff options
author | GLSAMaker <glsamaker@gentoo.org> | 2023-05-30 03:03:08 +0000 |
---|---|---|
committer | John Helmert III <ajak@gentoo.org> | 2023-05-29 20:05:04 -0700 |
commit | a8b85191c046076a4e4d12c8541d49e1473aaa66 (patch) | |
tree | 9e34eaee9116b130359773779094161a0651774b | |
parent | [ GLSA 202305-36 ] Mozilla Thunderbird: Multiple Vulnerabilities (diff) | |
download | glsa-a8b85191c046076a4e4d12c8541d49e1473aaa66.tar.gz glsa-a8b85191c046076a4e4d12c8541d49e1473aaa66.tar.bz2 glsa-a8b85191c046076a4e4d12c8541d49e1473aaa66.zip |
[ GLSA 202305-37 ] Apache Tomcat: Multiple Vulnerabilities
Bug: https://bugs.gentoo.org/878911
Bug: https://bugs.gentoo.org/889596
Bug: https://bugs.gentoo.org/896370
Bug: https://bugs.gentoo.org/907387
Signed-off-by: GLSAMaker <glsamaker@gentoo.org>
Signed-off-by: John Helmert III <ajak@gentoo.org>
-rw-r--r-- | glsa-202305-37.xml | 48 |
1 files changed, 48 insertions, 0 deletions
diff --git a/glsa-202305-37.xml b/glsa-202305-37.xml new file mode 100644 index 00000000..2382658e --- /dev/null +++ b/glsa-202305-37.xml @@ -0,0 +1,48 @@ +<?xml version="1.0" encoding="UTF-8"?> +<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd"> +<glsa id="202305-37"> + <title>Apache Tomcat: Multiple Vulnerabilities</title> + <synopsis>Multiple vulnerabilities have been found in Apache Tomcat, the worst of which could result in denial of service.</synopsis> + <product type="ebuild">tomcat</product> + <announced>2023-05-30</announced> + <revised count="1">2023-05-30</revised> + <bug>878911</bug> + <bug>889596</bug> + <bug>896370</bug> + <bug>907387</bug> + <access>remote</access> + <affected> + <package name="www-servers/tomcat" auto="yes" arch="*"> + <unaffected range="ge">10.1.8</unaffected> + <vulnerable range="lt">10.1.8</vulnerable> + </package> + </affected> + <background> + <p>Apache Tomcat is a Servlet-3.0/JSP-2.2 Container.</p> + </background> + <description> + <p>Multiple vulnerabilities have been discovered in Apache Tomcat. Please review the CVE identifiers referenced below for details.</p> + </description> + <impact type="low"> + <p>Please review the referenced CVE identifiers for details.</p> + </impact> + <workaround> + <p>There is no known workaround at this time.</p> + </workaround> + <resolution> + <p>All Apache Tomcat users should upgrade to the latest version:</p> + + <code> + # emerge --sync + # emerge --ask --oneshot --verbose ">=www-servers/tomcat-10.1.8" + </code> + </resolution> + <references> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-42252">CVE-2022-42252</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-45143">CVE-2022-45143</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-24998">CVE-2023-24998</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-28709">CVE-2023-28709</uri> + </references> + <metadata tag="requester" timestamp="2023-05-30T03:03:08.445610Z">ajak</metadata> + <metadata tag="submitter" timestamp="2023-05-30T03:03:08.449048Z">ajak</metadata> +</glsa>
\ No newline at end of file |