This bug was fixed in the package tomcat6 - 6.0.28-2ubuntu1.6 --------------- tomcat6 (6.0.28-2ubuntu1.6) maverick-security; urgency=low
* SECURITY UPDATE: denial of service via hash collision and incorrect handling of large numbers of parameters and parameter values (LP: #909828) - debian/patches/0019-CVE-2012-0022.patch: refactor parameter handling code in conf/web.xml, java/org/apache/catalina/connector/Connector.java, java/org/apache/catalina/connector/mbeans-descriptors.xml, java/org/apache/catalina/connector/Request.java, java/org/apache/catalina/filters/FailedRequestFilter.java, java/org/apache/catalina/Globals.java, java/org/apache/coyote/Request.java, java/org/apache/tomcat/util/buf/B2CConverter.java, java/org/apache/tomcat/util/buf/ByteChunk.java, java/org/apache/tomcat/util/buf/MessageBytes.java, java/org/apache/tomcat/util/buf/StringCache.java, java/org/apache/tomcat/util/http/LocalStrings.properties, java/org/apache/tomcat/util/http/Parameters.java, webapps/docs/config/ajp.xml, webapps/docs/config/http.xml. - CVE-2011-4858 - CVE-2012-0022 -- Marc Deslauriers <marc.deslauri...@ubuntu.com> Wed, 25 Jan 2012 14:09:00 -0500 ** Changed in: tomcat6 (Ubuntu Natty) Status: Confirmed => Fix Released -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/909828 Title: Tomcat needs update to prevent hash function DoS attack To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/tomcat6/+bug/909828/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs