tomcat8 8.0.32-1ubuntu1.13 source package in Ubuntu
Changelog
tomcat8 (8.0.32-1ubuntu1.13) xenial-security; urgency=medium
* SECURITY UPDATE: infinite loop via invalid payload length
- debian/patches/CVE-2020-13935.patch: add additional payload length
validation in java/org/apache/tomcat/websocket/WsFrameBase.java,
java/org/apache/tomcat/websocket/LocalStrings.properties.
- CVE-2020-13935
* SECURITY UPDATE: HTTP Request Smuggling via invalid request smuggling
- debian/patches/CVE-2020-1935.patch: use stricter header value
parsing in java/org/apache/coyote/http11/AbstractNioInputBuffer.java,
java/org/apache/coyote/http11/InternalAprInputBuffer.java,
java/org/apache/coyote/http11/InternalInputBuffer.java,
java/org/apache/tomcat/util/http/MimeHeaders.java,
java/org/apache/tomcat/util/http/parser/HttpParser.java,
test/org/apache/coyote/http11/TestInternalInputBuffer.java.
- CVE-2020-1935
* SECURITY UPDATE: remote code execution via deserialization of a file
under the attacker's control
- debian/patches/CVE-2020-9484.patch: improve validation of storage
location when using FileStore in
java/org/apache/catalina/session/FileStore.java,
java/org/apache/catalina/session/LocalStrings.properties.
- CVE-2020-9484
-- Marc Deslauriers <email address hidden> Mon, 03 Aug 2020 06:53:09 -0400
Upload details
- Uploaded by:
- Marc Deslauriers
- Uploaded to:
- Xenial
- Original maintainer:
- Ubuntu Developers
- Architectures:
- all
- Section:
- java
- Urgency:
- Medium Urgency
See full publishing history Publishing
| Series | Published | Component | Section | |
|---|---|---|---|---|
| Xenial | updates | main | misc | |
| Xenial | security | main | misc |
Downloads
| File | Size | SHA-256 Checksum |
|---|---|---|
| tomcat8_8.0.32.orig.tar.xz | 3.3 MiB | d2be58fc3fcece412adcd07dabf88b755debc9aaefacbb3c8dfc0892dfa5c769 |
| tomcat8_8.0.32-1ubuntu1.13.debian.tar.xz | 70.1 KiB | 1eef789f311c752f4cddccfd9f1f065f3238ddce68c1e5be4ae0d4c5d7673506 |
| tomcat8_8.0.32-1ubuntu1.13.dsc | 2.8 KiB | c374571c4b9ed17f603dadc797c2ae558917cf8103f3be8294a47bd3a3f83842 |
Available diffs
Binary packages built by this source
- libservlet3.1-java: Servlet 3.1, JSP 2.3, EL 3.0 and WebSocket 1.0 Java API classes
Apache Tomcat implements the Java Servlet and the JavaServer Pages (JSP)
specifications from Oracle, and provides a "pure Java" HTTP web
server environment for Java code to run.
.
This package contains the Java Servlet and JSP library.
- libservlet3.1-java-doc: Servlet 3.1, JSP 2.3, EL 3.0 and WebSocket 1.0 Java API documentation
Apache Tomcat implements the Java Servlet and the JavaServer Pages (JSP)
specifications from Oracle, and provides a "pure Java" HTTP web
server environment for Java code to run.
.
This package contains the documentation for the Java Servlet and JSP library.
- libtomcat8-java: Apache Tomcat 8 - Servlet and JSP engine -- core libraries
Apache Tomcat implements the Java Servlet and the JavaServer Pages (JSP)
specifications from Oracle, and provides a "pure Java" HTTP web
server environment for Java code to run.
.
This package contains the Tomcat core classes which can be used by other
Java applications to embed Tomcat.
- tomcat8: Apache Tomcat 8 - Servlet and JSP engine
Apache Tomcat implements the Java Servlet and the JavaServer Pages (JSP)
specifications from Oracle, and provides a "pure Java" HTTP web
server environment for Java code to run.
.
This package contains only the startup scripts for the system-wide daemon.
No documentation or web applications are included here, please install
the tomcat8-docs and tomcat8-examples packages if you want them.
Install the authbind package if you need to use Tomcat on ports 1-1023.
Install tomcat8-user instead of this package if you don't want Tomcat to
start as a service.
- tomcat8-admin: Apache Tomcat 8 - Servlet and JSP engine -- admin web applications
Apache Tomcat implements the Java Servlet and the JavaServer Pages (JSP)
specifications from Oracle, and provides a "pure Java" HTTP web
server environment for Java code to run.
.
This package contains the administrative web interfaces.
- tomcat8-common: Apache Tomcat 8 - Servlet and JSP engine -- common files
Apache Tomcat implements the Java Servlet and the JavaServer Pages (JSP)
specifications from Oracle, and provides a "pure Java" HTTP web
server environment for Java code to run.
.
This package contains common files needed by the tomcat8 and tomcat8-user
packages (Tomcat 8 scripts and libraries).
- tomcat8-docs: Apache Tomcat 8 - Servlet and JSP engine -- documentation
Apache Tomcat implements the Java Servlet and the JavaServer Pages (JSP)
specifications from Oracle, and provides a "pure Java" HTTP web
server environment for Java code to run.
.
This package contains the online documentation web application.
- tomcat8-examples: Apache Tomcat 8 - Servlet and JSP engine -- example web applications
Apache Tomcat implements the Java Servlet and the JavaServer Pages (JSP)
specifications from Oracle, and provides a "pure Java" HTTP web
server environment for Java code to run.
.
This package contains the default Tomcat example webapps.
- tomcat8-user: Apache Tomcat 8 - Servlet and JSP engine -- tools to create user instances
Apache Tomcat implements the Java Servlet and the JavaServer Pages (JSP)
specifications from Oracle, and provides a "pure Java" HTTP web
server environment for Java code to run.
.
This package contains files needed to create a user Tomcat instance.
This user Tomcat instance can be started and stopped using the scripts
provided in the Tomcat instance directory.
