---------------------------------------------------------------------- A new version (0.9.0.0 - Release Candidate 1) of the free Secunia PSI has been released. The new version includes many new and advanced features, which makes it even easier to stay patched. Download and test it today: https://psi.secunia.com/ Read more about this new version: https://psi.secunia.com/?page=changelog ---------------------------------------------------------------------- TITLE: Debian update for tomcat5.5 SECUNIA ADVISORY ID: SA28549 VERIFY ADVISORY: http://secunia.com/advisories/28549/ CRITICAL: Less critical IMPACT: Cross Site Scripting, Exposure of sensitive information WHERE: >From remote OPERATING SYSTEM: Debian GNU/Linux 4.0 http://secunia.com/product/13844/ Debian GNU/Linux unstable alias sid http://secunia.com/product/530/ DESCRIPTION: Debian has issued an update for tomcat5.5. This fixes a vulnerability, which can be exploited by malicious people to conduct cross-site scripting attacks, and a security issue, which can be exploited by malicious people to disclose potentially sensitive information. For more information: SA25678 SA28552 SOLUTION: Apply updated packages. -- Debian 4.0 (stable) -- Source archives: http://security.debian.org/pool/updates/main/t/tomcat5.5/tomcat5.5_5.5.20.orig.tar.gz Size/MD5 checksum:4796377 5775bae8fac16a0e3a2c913c4768bb37 http://security.debian.org/pool/updates/main/t/tomcat5.5/tomcat5.5_5.5.20-2etch2.diff.gz Size/MD5 checksum:29045 3269f3be8bdf47cf1fb11bf31bcc564c http://security.debian.org/pool/updates/main/t/tomcat5.5/tomcat5.5_5.5.20-2etch2.dsc Size/MD5 checksum: 1277 834e30a6f96d53b9a30beb71f5eb76b6 Architecture independent packages: http://security.debian.org/pool/updates/main/t/tomcat5.5/tomcat5.5-admin_5.5.20-2etch2_all.deb Size/MD5 checksum:1160336 8fd1c53caad5b17d143b6702db7f558b http://security.debian.org/pool/updates/main/t/tomcat5.5/libtomcat5.5-java_5.5.20-2etch2_all.deb Size/MD5 checksum:2384958 ca939178066edd204e6e891f5ec18e48 http://security.debian.org/pool/updates/main/t/tomcat5.5/tomcat5.5_5.5.20-2etch2_all.deb Size/MD5 checksum:56918 17b4854ccadb2ca5034eefb3dfdb0b9b http://security.debian.org/pool/updates/main/t/tomcat5.5/tomcat5.5-webapps_5.5.20-2etch2_all.deb Size/MD5 checksum:1467572 6740d144b07556d1d6e38c6babd88937 -- Debian GNU/Linux unstable alias sid -- Reportedly, updated packages will be available soon. ORIGINAL ADVISORY: http://lists.debian.org/debian-security-announce/debian-security-announce-2008/msg00028.html OTHER REFERENCES: SA25678: http://secunia.com/advisories/25678/ SA28552: http://secunia.com/advisories/28552/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------