---------------------------------------------------------------------- A new version (0.9.0.0 - Release Candidate 1) of the free Secunia PSI has been released. The new version includes many new and advanced features, which makes it even easier to stay patched. Download and test it today: https://psi.secunia.com/ Read more about this new version: https://psi.secunia.com/?page=changelog ---------------------------------------------------------------------- TITLE: Debian update for tomcat5.5 SECUNIA ADVISORY ID: SA28317 VERIFY ADVISORY: http://secunia.com/advisories/28317/ CRITICAL: Less critical IMPACT: Security Bypass, Cross Site Scripting, Exposure of sensitive information WHERE: >From remote OPERATING SYSTEM: Debian GNU/Linux 4.0 http://secunia.com/product/13844/ Debian GNU/Linux unstable alias sid http://secunia.com/product/530/ DESCRIPTION: Debian has issued an update for tomcat5.5. This fixes some vulnerabilities and a security issue, which can be exploited by malicious, local users to bypass certain security restrictions, and by malicious people to disclose sensitive information and conduct cross-site scripting attacks. For more information: SA26465 SA26466 SA27398 SA28274 SOLUTION: Apply updated packages. -- Debian 4.0 (stable) -- Source archives: http://security.debian.org/pool/updates/main/t/tomcat5.5/tomcat5.5_5.5.20.orig.tar.gz Size/MD5 checksum:4796377 5775bae8fac16a0e3a2c913c4768bb37 http://security.debian.org/pool/updates/main/t/tomcat5.5/tomcat5.5_5.5.20-2etch1.dsc Size/MD5 checksum: 1277 c2193e917dd759a50b8481177bfcef39 http://security.debian.org/pool/updates/main/t/tomcat5.5/tomcat5.5_5.5.20-2etch1.diff.gz Size/MD5 checksum:28422 6df1691cbea55b10e2d2d865b4b2983a Architecture independent packages: http://security.debian.org/pool/updates/main/t/tomcat5.5/libtomcat5.5-java_5.5.20-2etch1_all.deb Size/MD5 checksum:2385530 5f6482d73f7507b5f2f050ea825ee800 http://security.debian.org/pool/updates/main/t/tomcat5.5/tomcat5.5-webapps_5.5.20-2etch1_all.deb Size/MD5 checksum:1472296 4bc554684655794b1d82db2160d67bea http://security.debian.org/pool/updates/main/t/tomcat5.5/tomcat5.5_5.5.20-2etch1_all.deb Size/MD5 checksum:56744 a1de64bb115d03c4d33c28065e0c793a http://security.debian.org/pool/updates/main/t/tomcat5.5/tomcat5.5-admin_5.5.20-2etch1_all.deb Size/MD5 checksum:1162332 ab90aab000037913260361eec812c573 -- Debian GNU/Linux unstable alias sid -- Reportedly, updated packages will be available soon. ORIGINAL ADVISORY: http://www.debian.org/security/2008/dsa-1447 OTHER REFERENCES: SA26465: http://secunia.com/advisories/26465/ SA26466: http://secunia.com/advisories/26466/ SA27398: http://secunia.com/advisories/27398/ SA28274: http://secunia.com/advisories/28274/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------