Synopsis: Moderate: tomcat6 security and bug fix update
Advisory ID: SLSA-2016:0492-1
Issue Date: 2016-03-23
CVE Numbers: CVE-2014-7810
—
It was found that the expression language resolver evaluated expressions
within a privileged code section. A malicious web application could use
this flaw to bypass security manager protections. (CVE-2014-7810)
This update also fixes the following bug:
* Previously, using a New I/O (NIO) connector in the Apache Tomcat 6
servlet resulted in a large memory leak. An upstream patch has been
applied to fix this bug, and the memory leak no longer occurs.
Tomcat must be restarted for this update to take effect.
—
SL6
x86_64
tomcat6-6.0.24-94.el6_7.x86_64.rpm
tomcat6-admin-webapps-6.0.24-94.el6_7.x86_64.rpm
tomcat6-debuginfo-6.0.24-94.el6_7.x86_64.rpm
tomcat6-docs-webapp-6.0.24-94.el6_7.x86_64.rpm
tomcat6-el-2.1-api-6.0.24-94.el6_7.x86_64.rpm
tomcat6-javadoc-6.0.24-94.el6_7.x86_64.rpm
tomcat6-jsp-2.1-api-6.0.24-94.el6_7.x86_64.rpm
tomcat6-lib-6.0.24-94.el6_7.x86_64.rpm
tomcat6-servlet-2.5-api-6.0.24-94.el6_7.x86_64.rpm
tomcat6-webapps-6.0.24-94.el6_7.x86_64.rpm
i386
tomcat6-6.0.24-94.el6_7.i686.rpm
tomcat6-admin-webapps-6.0.24-94.el6_7.i686.rpm
tomcat6-debuginfo-6.0.24-94.el6_7.i686.rpm
tomcat6-docs-webapp-6.0.24-94.el6_7.i686.rpm
tomcat6-el-2.1-api-6.0.24-94.el6_7.i686.rpm
tomcat6-javadoc-6.0.24-94.el6_7.i686.rpm
tomcat6-jsp-2.1-api-6.0.24-94.el6_7.i686.rpm
tomcat6-lib-6.0.24-94.el6_7.i686.rpm
tomcat6-servlet-2.5-api-6.0.24-94.el6_7.i686.rpm
tomcat6-webapps-6.0.24-94.el6_7.i686.rpm
– Scientific Linux Development Team
