This bug was fixed in the package tomcat6 - 6.0.32-5ubuntu1.2 --------------- tomcat6 (6.0.32-5ubuntu1.2) oneiric-security; urgency=low
* SECURITY UPDATE: cross-request information leakage - debian/patches/0016-CVE-2011-3375.patch: ensure that the request and response objects are recycled after being re-populated in java/org/apache/catalina/connector/CoyoteAdapter.java, java/org/apache/coyote/ajp/AjpAprProcessor.java, java/org/apache/coyote/ajp/AjpProcessor.java, java/org/apache/coyote/http11/Http11AprProcessor.java, java/org/apache/coyote/http11/Http11NioProcessor.java, java/org/apache/coyote/http11/Http11Processor.java. - CVE-2011-3375 * SECURITY UPDATE: denial of service via hash collision and incorrect handling of large numbers of parameters and parameter values (LP: #909828) - debian/patches/0017-CVE-2012-0022.patch: refactor parameter handling code in conf/web.xml, java/org/apache/catalina/connector/Connector.java, java/org/apache/catalina/connector/mbeans-descriptors.xml, java/org/apache/catalina/connector/Request.java, java/org/apache/catalina/filters/FilterBase.java, java/org/apache/catalina/filters/FailedRequestFilter.java, java/org/apache/catalina/Globals.java, java/org/apache/coyote/Request.java, java/org/apache/tomcat/util/buf/B2CConverter.java, java/org/apache/tomcat/util/buf/ByteChunk.java, java/org/apache/tomcat/util/buf/MessageBytes.java, java/org/apache/tomcat/util/buf/StringCache.java, java/org/apache/tomcat/util/http/LocalStrings.properties, java/org/apache/tomcat/util/http/Parameters.java, webapps/docs/config/ajp.xml, webapps/docs/config/filter.xml, webapps/docs/config/http.xml. - CVE-2011-4858 - CVE-2012-0022 -- Marc Deslauriers <marc.deslauri...@ubuntu.com> Wed, 25 Jan 2012 09:00:23 -0500 -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to tomcat6 in Ubuntu. https://bugs.launchpad.net/bugs/909828 Title: Tomcat needs update to prevent hash function DoS attack To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/tomcat6/+bug/909828/+subscriptions -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs