Red Hat Product Errata RHSA-2011:0349 - Security Advisory
Issued:
2011-03-10
Updated:
2011-03-10

RHSA-2011:0349 - Security Advisory

Synopsis

Important: tomcat5 security update

Type/Severity

Security Advisory: Important

Red Hat Insights patch analysis

Identify and remediate systems affected by this advisory.

View affected systems

Topic

Updated tomcat5 packages that fix one security issue are now available for
JBoss Enterprise Web Server 1.0.

The Red Hat Security Response Team has rated this update as having
important security impact. A Common Vulnerability Scoring System (CVSS)
base score, which gives a detailed severity rating, is available from the
CVE link in the References section.

Description

Apache Tomcat is a servlet container for the Java Servlet and JavaServer
Pages (JSP) technologies.

A denial of service flaw was found in the way certain strings were
converted to Double objects. A remote attacker could use this flaw to cause
Tomcat to hang via a specially-crafted HTTP request. (CVE-2010-4476)

Users of Tomcat should upgrade to these updated packages, which contain a
backported patch to correct this issue. Tomcat must be restarted for this
update to take effect.

Solution

Before applying this update, make sure all previously-released errata
relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to
use the Red Hat Network to apply this update are available at
http://kbase.redhat.com/faq/docs/DOC-11259

Affected Products

  • JBoss Enterprise Web Server 1 for RHEL 5 x86_64
  • JBoss Enterprise Web Server 1 for RHEL 5 i386

Fixes

  • BZ - 674336 - CVE-2010-4476 JDK Double.parseDouble Denial-Of-Service

JBoss Enterprise Web Server 1 for RHEL 5

SRPM
tomcat5-5.5.28-12_patch_03.ep5.el5.src.rpm SHA-256: 74575fd2bd481279e368e5d0b652fee6cabd747ab4dd51342ae6a91646310c41
x86_64
tomcat5-5.5.28-12_patch_03.ep5.el5.noarch.rpm SHA-256: 6643729799d219d5074b3379e70ef17fd2a8a67ba28ac89070053e95a415f19a
tomcat5-admin-webapps-5.5.28-12_patch_03.ep5.el5.noarch.rpm SHA-256: 70f93d57dc99421fd3b0389fe1f3782ecf3c3e533b9da189c2e1743cf797d69e
tomcat5-common-lib-5.5.28-12_patch_03.ep5.el5.noarch.rpm SHA-256: 69fdabfa9a45c86cf4ef027f1a6edd59b60ead0f371fe1315822a53ea071f612
tomcat5-jasper-5.5.28-12_patch_03.ep5.el5.noarch.rpm SHA-256: 22a48da3fcdbe8a0c3836b85c4934c1f31ccd62b9eb497cb44a26d91f2fca326
tomcat5-jasper-eclipse-5.5.28-12_patch_03.ep5.el5.noarch.rpm SHA-256: 6607d2cd627a5ecc0d0fb1d4a2dca73430cb822294d1154154181920d65ec49c
tomcat5-jasper-javadoc-5.5.28-12_patch_03.ep5.el5.noarch.rpm SHA-256: 0c95aee222224e0ab31dfa08ce1322b6f3ce942bb533adbe35f24374dfa209ff
tomcat5-jsp-2.0-api-5.5.28-12_patch_03.ep5.el5.noarch.rpm SHA-256: f6d53f5c74cc947a68eaa59da08a08241b032c210aada3f9dca75a6c4f6af42f
tomcat5-jsp-2.0-api-javadoc-5.5.28-12_patch_03.ep5.el5.noarch.rpm SHA-256: e435182b9aac9a868e5562d18f410f7c98afde7b7880079745774aff0065dc13
tomcat5-parent-5.5.28-12_patch_03.ep5.el5.noarch.rpm SHA-256: 6cb3de248b5fd3333a132e3004e1da3e377390fffc81c8e123287fe74995f87e
tomcat5-server-lib-5.5.28-12_patch_03.ep5.el5.noarch.rpm SHA-256: 12baed40787f25b0d677107137d02997f4cc7fa2055ed19a21f0e0b46c231f0a
tomcat5-servlet-2.4-api-5.5.28-12_patch_03.ep5.el5.noarch.rpm SHA-256: 8d43cd3d681fb64f7c49d100d95b29f8e6964cca322a16aa613e0add6ea05031
tomcat5-servlet-2.4-api-javadoc-5.5.28-12_patch_03.ep5.el5.noarch.rpm SHA-256: fe1d639e2703bf154edf6cc7ea5e5a98f5ce01a99e66d59a7802eb629088f72a
tomcat5-webapps-5.5.28-12_patch_03.ep5.el5.noarch.rpm SHA-256: cb1fb7ba6ec6a847c92afe5dd9f03f72c9d4ee431ff68a9490ca0611b9da1650
i386
tomcat5-5.5.28-12_patch_03.ep5.el5.noarch.rpm SHA-256: 6643729799d219d5074b3379e70ef17fd2a8a67ba28ac89070053e95a415f19a
tomcat5-admin-webapps-5.5.28-12_patch_03.ep5.el5.noarch.rpm SHA-256: 70f93d57dc99421fd3b0389fe1f3782ecf3c3e533b9da189c2e1743cf797d69e
tomcat5-common-lib-5.5.28-12_patch_03.ep5.el5.noarch.rpm SHA-256: 69fdabfa9a45c86cf4ef027f1a6edd59b60ead0f371fe1315822a53ea071f612
tomcat5-jasper-5.5.28-12_patch_03.ep5.el5.noarch.rpm SHA-256: 22a48da3fcdbe8a0c3836b85c4934c1f31ccd62b9eb497cb44a26d91f2fca326
tomcat5-jasper-eclipse-5.5.28-12_patch_03.ep5.el5.noarch.rpm SHA-256: 6607d2cd627a5ecc0d0fb1d4a2dca73430cb822294d1154154181920d65ec49c
tomcat5-jasper-javadoc-5.5.28-12_patch_03.ep5.el5.noarch.rpm SHA-256: 0c95aee222224e0ab31dfa08ce1322b6f3ce942bb533adbe35f24374dfa209ff
tomcat5-jsp-2.0-api-5.5.28-12_patch_03.ep5.el5.noarch.rpm SHA-256: f6d53f5c74cc947a68eaa59da08a08241b032c210aada3f9dca75a6c4f6af42f
tomcat5-jsp-2.0-api-javadoc-5.5.28-12_patch_03.ep5.el5.noarch.rpm SHA-256: e435182b9aac9a868e5562d18f410f7c98afde7b7880079745774aff0065dc13
tomcat5-parent-5.5.28-12_patch_03.ep5.el5.noarch.rpm SHA-256: 6cb3de248b5fd3333a132e3004e1da3e377390fffc81c8e123287fe74995f87e
tomcat5-server-lib-5.5.28-12_patch_03.ep5.el5.noarch.rpm SHA-256: 12baed40787f25b0d677107137d02997f4cc7fa2055ed19a21f0e0b46c231f0a
tomcat5-servlet-2.4-api-5.5.28-12_patch_03.ep5.el5.noarch.rpm SHA-256: 8d43cd3d681fb64f7c49d100d95b29f8e6964cca322a16aa613e0add6ea05031
tomcat5-servlet-2.4-api-javadoc-5.5.28-12_patch_03.ep5.el5.noarch.rpm SHA-256: fe1d639e2703bf154edf6cc7ea5e5a98f5ce01a99e66d59a7802eb629088f72a
tomcat5-webapps-5.5.28-12_patch_03.ep5.el5.noarch.rpm SHA-256: cb1fb7ba6ec6a847c92afe5dd9f03f72c9d4ee431ff68a9490ca0611b9da1650

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.