Red Hat Product Errata RHSA-2016:2045 - Security Advisory

Issued:: 2016-10-10
Updated:: 2016-10-10

RHSA-2016:2045 - Security Advisory

Overview
Updated Packages

Synopsis

Important: tomcat6 security and bug fix update

Type/Severity

Security Advisory: Important

Topic

An update for tomcat6 is now available for Red Hat Enterprise Linux 6.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description

Apache Tomcat is a servlet container for the Java Servlet and JavaServer Pages (JSP) technologies.

Security Fix(es):

It was discovered that the Tomcat packages installed certain configuration files read by the Tomcat initialization script as writeable to the tomcat group. A member of the group or a malicious web application deployed on Tomcat could use this flaw to escalate their privileges. (CVE-2016-6325)
It was found that several Tomcat session persistence mechanisms could allow a remote, authenticated user to bypass intended SecurityManager restrictions and execute arbitrary code in a privileged context via a web application that placed a crafted object in a session. (CVE-2016-0714)
It was discovered that tomcat used the value of the Proxy header from HTTP requests to initialize the HTTP_PROXY environment variable for CGI scripts, which in turn was incorrectly used by certain HTTP client implementations to configure the proxy for outgoing HTTP requests. A remote attacker could possibly use this flaw to redirect HTTP requests performed by a CGI script to an attacker-controlled proxy via a malicious HTTP request. (CVE-2016-5388)
A directory traversal flaw was found in Tomcat's RequestUtil.java. A remote, authenticated user could use this flaw to bypass intended SecurityManager restrictions and list a parent directory via a '/..' in a pathname used by a web application in a getResource, getResourceAsStream, or getResourcePaths call, as demonstrated by the $CATALINA_BASE/webapps directory. (CVE-2015-5174)
It was found that Tomcat could reveal the presence of a directory even when that directory was protected by a security constraint. A user could make a request to a directory via a URL not ending with a slash and, depending on whether Tomcat redirected that request, could confirm whether that directory existed. (CVE-2015-5345)
It was found that Tomcat allowed the StatusManagerServlet to be loaded by a web application when a security manager was configured. This allowed a web application to list all deployed web applications and expose sensitive information such as session IDs. (CVE-2016-0706)

Red Hat would like to thank Scott Geary (VendHQ) for reporting CVE-2016-5388. The CVE-2016-6325 issue was discovered by Red Hat Product Security.

Bug Fix(es):

Due to a bug in the tomcat6 spec file, the catalina.out file's md5sum, size, and mtime attributes were compared to the file's attributes at installation time. Because these attributes change after the service is started, the "rpm -V" command previously failed. With this update, the attributes mentioned above are ignored in the RPM verification and the catalina.out file now passes the verification check. (BZ#1357123)

Solution

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

Affected Products

Red Hat Enterprise Linux Server 6 x86_64
Red Hat Enterprise Linux Server 6 i386
Red Hat Enterprise Linux Workstation 6 x86_64
Red Hat Enterprise Linux Workstation 6 i386
Red Hat Enterprise Linux Desktop 6 x86_64
Red Hat Enterprise Linux Desktop 6 i386
Red Hat Enterprise Linux for IBM z Systems 6 s390x
Red Hat Enterprise Linux for Power, big endian 6 ppc64
Red Hat Enterprise Linux for Scientific Computing 6 x86_64

Fixes

BZ - 1265698 - CVE-2015-5174 tomcat: URL Normalization issue
BZ - 1311082 - CVE-2016-0714 tomcat: Security Manager bypass via persistence mechanisms
BZ - 1311087 - CVE-2016-0706 tomcat: security manager bypass via StatusManagerServlet
BZ - 1311089 - CVE-2015-5345 tomcat: directory disclosure
BZ - 1353809 - CVE-2016-5388 Tomcat: CGI sets environmental variable based on user supplied Proxy request header
BZ - 1357123 - rpm -V tomcat6 fails due on /var/log/tomcat6/catalina.out [rhel-6.8.z]
BZ - 1367447 - CVE-2016-6325 tomcat: tomcat writable config files allow privilege escalation

CVEs

References

https://access.redhat.com/security/updates/classification/#important

Note: More recent versions of these packages may be available. Click a package name for more details.

Red Hat Enterprise Linux Server 6

SRPM
tomcat6-6.0.24-98.el6_8.src.rpm	SHA-256: 8192313497d6a09574bdbda6572273d0d98524e9b6150f694a3dfd9a9c7f286e
x86_64
tomcat6-6.0.24-98.el6_8.noarch.rpm	SHA-256: d38d7d5654b19e1fe8eb6b66db6964c2536231e74afae194abb7925f106c4879
tomcat6-admin-webapps-6.0.24-98.el6_8.noarch.rpm	SHA-256: d60d94fff50be71664bc8ae5bb084c4c7bdcc4b8df8441d521e37484d0b99770
tomcat6-docs-webapp-6.0.24-98.el6_8.noarch.rpm	SHA-256: ea3da92998ebcfbb548da07606bba92e458f02b3bcc72c6c6f2fefeb92c9700d
tomcat6-el-2.1-api-6.0.24-98.el6_8.noarch.rpm	SHA-256: 662f4b7143446b3354fe21be25dda6a2ece6343990c4a1c18e9c89f4d72ef919
tomcat6-javadoc-6.0.24-98.el6_8.noarch.rpm	SHA-256: b8270c67eef66f537022d2e8ecf3b1f3b44521b82cc67b0e09171ec165b20fee
tomcat6-jsp-2.1-api-6.0.24-98.el6_8.noarch.rpm	SHA-256: 860d7c3ccf9befe8a1cbeeefb546fbb6b3928a645d21cd26cc56b921728a0949
tomcat6-lib-6.0.24-98.el6_8.noarch.rpm	SHA-256: a9af58923685eaa3f005de06668241340c0725b8dc4521d5d8a8ccef7e4441fe
tomcat6-servlet-2.5-api-6.0.24-98.el6_8.noarch.rpm	SHA-256: 8942bfe22a3edb8b1612758b66b2eb3bc88e5b6d5c7ad0a47a4a7e3b1e4e1f0d
tomcat6-webapps-6.0.24-98.el6_8.noarch.rpm	SHA-256: 599275e7920a406cafb588f6c8a218b78c6189070c0f2e3749641475ddaea873
i386
tomcat6-6.0.24-98.el6_8.noarch.rpm	SHA-256: d38d7d5654b19e1fe8eb6b66db6964c2536231e74afae194abb7925f106c4879
tomcat6-admin-webapps-6.0.24-98.el6_8.noarch.rpm	SHA-256: d60d94fff50be71664bc8ae5bb084c4c7bdcc4b8df8441d521e37484d0b99770
tomcat6-docs-webapp-6.0.24-98.el6_8.noarch.rpm	SHA-256: ea3da92998ebcfbb548da07606bba92e458f02b3bcc72c6c6f2fefeb92c9700d
tomcat6-el-2.1-api-6.0.24-98.el6_8.noarch.rpm	SHA-256: 662f4b7143446b3354fe21be25dda6a2ece6343990c4a1c18e9c89f4d72ef919
tomcat6-javadoc-6.0.24-98.el6_8.noarch.rpm	SHA-256: b8270c67eef66f537022d2e8ecf3b1f3b44521b82cc67b0e09171ec165b20fee
tomcat6-jsp-2.1-api-6.0.24-98.el6_8.noarch.rpm	SHA-256: 860d7c3ccf9befe8a1cbeeefb546fbb6b3928a645d21cd26cc56b921728a0949
tomcat6-lib-6.0.24-98.el6_8.noarch.rpm	SHA-256: a9af58923685eaa3f005de06668241340c0725b8dc4521d5d8a8ccef7e4441fe
tomcat6-servlet-2.5-api-6.0.24-98.el6_8.noarch.rpm	SHA-256: 8942bfe22a3edb8b1612758b66b2eb3bc88e5b6d5c7ad0a47a4a7e3b1e4e1f0d
tomcat6-webapps-6.0.24-98.el6_8.noarch.rpm	SHA-256: 599275e7920a406cafb588f6c8a218b78c6189070c0f2e3749641475ddaea873

Red Hat Enterprise Linux Workstation 6

SRPM
tomcat6-6.0.24-98.el6_8.src.rpm	SHA-256: 8192313497d6a09574bdbda6572273d0d98524e9b6150f694a3dfd9a9c7f286e
x86_64
tomcat6-6.0.24-98.el6_8.noarch.rpm	SHA-256: d38d7d5654b19e1fe8eb6b66db6964c2536231e74afae194abb7925f106c4879
tomcat6-admin-webapps-6.0.24-98.el6_8.noarch.rpm	SHA-256: d60d94fff50be71664bc8ae5bb084c4c7bdcc4b8df8441d521e37484d0b99770
tomcat6-docs-webapp-6.0.24-98.el6_8.noarch.rpm	SHA-256: ea3da92998ebcfbb548da07606bba92e458f02b3bcc72c6c6f2fefeb92c9700d
tomcat6-el-2.1-api-6.0.24-98.el6_8.noarch.rpm	SHA-256: 662f4b7143446b3354fe21be25dda6a2ece6343990c4a1c18e9c89f4d72ef919
tomcat6-javadoc-6.0.24-98.el6_8.noarch.rpm	SHA-256: b8270c67eef66f537022d2e8ecf3b1f3b44521b82cc67b0e09171ec165b20fee
tomcat6-jsp-2.1-api-6.0.24-98.el6_8.noarch.rpm	SHA-256: 860d7c3ccf9befe8a1cbeeefb546fbb6b3928a645d21cd26cc56b921728a0949
tomcat6-lib-6.0.24-98.el6_8.noarch.rpm	SHA-256: a9af58923685eaa3f005de06668241340c0725b8dc4521d5d8a8ccef7e4441fe
tomcat6-servlet-2.5-api-6.0.24-98.el6_8.noarch.rpm	SHA-256: 8942bfe22a3edb8b1612758b66b2eb3bc88e5b6d5c7ad0a47a4a7e3b1e4e1f0d
tomcat6-webapps-6.0.24-98.el6_8.noarch.rpm	SHA-256: 599275e7920a406cafb588f6c8a218b78c6189070c0f2e3749641475ddaea873
i386
tomcat6-6.0.24-98.el6_8.noarch.rpm	SHA-256: d38d7d5654b19e1fe8eb6b66db6964c2536231e74afae194abb7925f106c4879
tomcat6-admin-webapps-6.0.24-98.el6_8.noarch.rpm	SHA-256: d60d94fff50be71664bc8ae5bb084c4c7bdcc4b8df8441d521e37484d0b99770
tomcat6-docs-webapp-6.0.24-98.el6_8.noarch.rpm	SHA-256: ea3da92998ebcfbb548da07606bba92e458f02b3bcc72c6c6f2fefeb92c9700d
tomcat6-el-2.1-api-6.0.24-98.el6_8.noarch.rpm	SHA-256: 662f4b7143446b3354fe21be25dda6a2ece6343990c4a1c18e9c89f4d72ef919
tomcat6-javadoc-6.0.24-98.el6_8.noarch.rpm	SHA-256: b8270c67eef66f537022d2e8ecf3b1f3b44521b82cc67b0e09171ec165b20fee
tomcat6-jsp-2.1-api-6.0.24-98.el6_8.noarch.rpm	SHA-256: 860d7c3ccf9befe8a1cbeeefb546fbb6b3928a645d21cd26cc56b921728a0949
tomcat6-lib-6.0.24-98.el6_8.noarch.rpm	SHA-256: a9af58923685eaa3f005de06668241340c0725b8dc4521d5d8a8ccef7e4441fe
tomcat6-servlet-2.5-api-6.0.24-98.el6_8.noarch.rpm	SHA-256: 8942bfe22a3edb8b1612758b66b2eb3bc88e5b6d5c7ad0a47a4a7e3b1e4e1f0d
tomcat6-webapps-6.0.24-98.el6_8.noarch.rpm	SHA-256: 599275e7920a406cafb588f6c8a218b78c6189070c0f2e3749641475ddaea873

Red Hat Enterprise Linux Desktop 6

SRPM
tomcat6-6.0.24-98.el6_8.src.rpm	SHA-256: 8192313497d6a09574bdbda6572273d0d98524e9b6150f694a3dfd9a9c7f286e
x86_64
tomcat6-6.0.24-98.el6_8.noarch.rpm	SHA-256: d38d7d5654b19e1fe8eb6b66db6964c2536231e74afae194abb7925f106c4879
tomcat6-admin-webapps-6.0.24-98.el6_8.noarch.rpm	SHA-256: d60d94fff50be71664bc8ae5bb084c4c7bdcc4b8df8441d521e37484d0b99770
tomcat6-docs-webapp-6.0.24-98.el6_8.noarch.rpm	SHA-256: ea3da92998ebcfbb548da07606bba92e458f02b3bcc72c6c6f2fefeb92c9700d
tomcat6-el-2.1-api-6.0.24-98.el6_8.noarch.rpm	SHA-256: 662f4b7143446b3354fe21be25dda6a2ece6343990c4a1c18e9c89f4d72ef919
tomcat6-javadoc-6.0.24-98.el6_8.noarch.rpm	SHA-256: b8270c67eef66f537022d2e8ecf3b1f3b44521b82cc67b0e09171ec165b20fee
tomcat6-jsp-2.1-api-6.0.24-98.el6_8.noarch.rpm	SHA-256: 860d7c3ccf9befe8a1cbeeefb546fbb6b3928a645d21cd26cc56b921728a0949
tomcat6-lib-6.0.24-98.el6_8.noarch.rpm	SHA-256: a9af58923685eaa3f005de06668241340c0725b8dc4521d5d8a8ccef7e4441fe
tomcat6-servlet-2.5-api-6.0.24-98.el6_8.noarch.rpm	SHA-256: 8942bfe22a3edb8b1612758b66b2eb3bc88e5b6d5c7ad0a47a4a7e3b1e4e1f0d
tomcat6-webapps-6.0.24-98.el6_8.noarch.rpm	SHA-256: 599275e7920a406cafb588f6c8a218b78c6189070c0f2e3749641475ddaea873
i386
tomcat6-6.0.24-98.el6_8.noarch.rpm	SHA-256: d38d7d5654b19e1fe8eb6b66db6964c2536231e74afae194abb7925f106c4879
tomcat6-admin-webapps-6.0.24-98.el6_8.noarch.rpm	SHA-256: d60d94fff50be71664bc8ae5bb084c4c7bdcc4b8df8441d521e37484d0b99770
tomcat6-docs-webapp-6.0.24-98.el6_8.noarch.rpm	SHA-256: ea3da92998ebcfbb548da07606bba92e458f02b3bcc72c6c6f2fefeb92c9700d
tomcat6-el-2.1-api-6.0.24-98.el6_8.noarch.rpm	SHA-256: 662f4b7143446b3354fe21be25dda6a2ece6343990c4a1c18e9c89f4d72ef919
tomcat6-javadoc-6.0.24-98.el6_8.noarch.rpm	SHA-256: b8270c67eef66f537022d2e8ecf3b1f3b44521b82cc67b0e09171ec165b20fee
tomcat6-jsp-2.1-api-6.0.24-98.el6_8.noarch.rpm	SHA-256: 860d7c3ccf9befe8a1cbeeefb546fbb6b3928a645d21cd26cc56b921728a0949
tomcat6-lib-6.0.24-98.el6_8.noarch.rpm	SHA-256: a9af58923685eaa3f005de06668241340c0725b8dc4521d5d8a8ccef7e4441fe
tomcat6-servlet-2.5-api-6.0.24-98.el6_8.noarch.rpm	SHA-256: 8942bfe22a3edb8b1612758b66b2eb3bc88e5b6d5c7ad0a47a4a7e3b1e4e1f0d
tomcat6-webapps-6.0.24-98.el6_8.noarch.rpm	SHA-256: 599275e7920a406cafb588f6c8a218b78c6189070c0f2e3749641475ddaea873

Red Hat Enterprise Linux for IBM z Systems 6

SRPM
tomcat6-6.0.24-98.el6_8.src.rpm	SHA-256: 8192313497d6a09574bdbda6572273d0d98524e9b6150f694a3dfd9a9c7f286e
s390x
tomcat6-6.0.24-98.el6_8.noarch.rpm	SHA-256: d38d7d5654b19e1fe8eb6b66db6964c2536231e74afae194abb7925f106c4879
tomcat6-admin-webapps-6.0.24-98.el6_8.noarch.rpm	SHA-256: d60d94fff50be71664bc8ae5bb084c4c7bdcc4b8df8441d521e37484d0b99770
tomcat6-docs-webapp-6.0.24-98.el6_8.noarch.rpm	SHA-256: ea3da92998ebcfbb548da07606bba92e458f02b3bcc72c6c6f2fefeb92c9700d
tomcat6-el-2.1-api-6.0.24-98.el6_8.noarch.rpm	SHA-256: 662f4b7143446b3354fe21be25dda6a2ece6343990c4a1c18e9c89f4d72ef919
tomcat6-javadoc-6.0.24-98.el6_8.noarch.rpm	SHA-256: b8270c67eef66f537022d2e8ecf3b1f3b44521b82cc67b0e09171ec165b20fee
tomcat6-jsp-2.1-api-6.0.24-98.el6_8.noarch.rpm	SHA-256: 860d7c3ccf9befe8a1cbeeefb546fbb6b3928a645d21cd26cc56b921728a0949
tomcat6-lib-6.0.24-98.el6_8.noarch.rpm	SHA-256: a9af58923685eaa3f005de06668241340c0725b8dc4521d5d8a8ccef7e4441fe
tomcat6-servlet-2.5-api-6.0.24-98.el6_8.noarch.rpm	SHA-256: 8942bfe22a3edb8b1612758b66b2eb3bc88e5b6d5c7ad0a47a4a7e3b1e4e1f0d
tomcat6-webapps-6.0.24-98.el6_8.noarch.rpm	SHA-256: 599275e7920a406cafb588f6c8a218b78c6189070c0f2e3749641475ddaea873

Red Hat Enterprise Linux for Power, big endian 6

SRPM
tomcat6-6.0.24-98.el6_8.src.rpm	SHA-256: 8192313497d6a09574bdbda6572273d0d98524e9b6150f694a3dfd9a9c7f286e
ppc64
tomcat6-6.0.24-98.el6_8.noarch.rpm	SHA-256: d38d7d5654b19e1fe8eb6b66db6964c2536231e74afae194abb7925f106c4879
tomcat6-admin-webapps-6.0.24-98.el6_8.noarch.rpm	SHA-256: d60d94fff50be71664bc8ae5bb084c4c7bdcc4b8df8441d521e37484d0b99770
tomcat6-docs-webapp-6.0.24-98.el6_8.noarch.rpm	SHA-256: ea3da92998ebcfbb548da07606bba92e458f02b3bcc72c6c6f2fefeb92c9700d
tomcat6-el-2.1-api-6.0.24-98.el6_8.noarch.rpm	SHA-256: 662f4b7143446b3354fe21be25dda6a2ece6343990c4a1c18e9c89f4d72ef919
tomcat6-javadoc-6.0.24-98.el6_8.noarch.rpm	SHA-256: b8270c67eef66f537022d2e8ecf3b1f3b44521b82cc67b0e09171ec165b20fee
tomcat6-jsp-2.1-api-6.0.24-98.el6_8.noarch.rpm	SHA-256: 860d7c3ccf9befe8a1cbeeefb546fbb6b3928a645d21cd26cc56b921728a0949
tomcat6-lib-6.0.24-98.el6_8.noarch.rpm	SHA-256: a9af58923685eaa3f005de06668241340c0725b8dc4521d5d8a8ccef7e4441fe
tomcat6-servlet-2.5-api-6.0.24-98.el6_8.noarch.rpm	SHA-256: 8942bfe22a3edb8b1612758b66b2eb3bc88e5b6d5c7ad0a47a4a7e3b1e4e1f0d
tomcat6-webapps-6.0.24-98.el6_8.noarch.rpm	SHA-256: 599275e7920a406cafb588f6c8a218b78c6189070c0f2e3749641475ddaea873

Red Hat Enterprise Linux for Scientific Computing 6

SRPM
tomcat6-6.0.24-98.el6_8.src.rpm	SHA-256: 8192313497d6a09574bdbda6572273d0d98524e9b6150f694a3dfd9a9c7f286e
x86_64
tomcat6-6.0.24-98.el6_8.noarch.rpm	SHA-256: d38d7d5654b19e1fe8eb6b66db6964c2536231e74afae194abb7925f106c4879
tomcat6-admin-webapps-6.0.24-98.el6_8.noarch.rpm	SHA-256: d60d94fff50be71664bc8ae5bb084c4c7bdcc4b8df8441d521e37484d0b99770
tomcat6-docs-webapp-6.0.24-98.el6_8.noarch.rpm	SHA-256: ea3da92998ebcfbb548da07606bba92e458f02b3bcc72c6c6f2fefeb92c9700d
tomcat6-el-2.1-api-6.0.24-98.el6_8.noarch.rpm	SHA-256: 662f4b7143446b3354fe21be25dda6a2ece6343990c4a1c18e9c89f4d72ef919
tomcat6-javadoc-6.0.24-98.el6_8.noarch.rpm	SHA-256: b8270c67eef66f537022d2e8ecf3b1f3b44521b82cc67b0e09171ec165b20fee
tomcat6-jsp-2.1-api-6.0.24-98.el6_8.noarch.rpm	SHA-256: 860d7c3ccf9befe8a1cbeeefb546fbb6b3928a645d21cd26cc56b921728a0949
tomcat6-lib-6.0.24-98.el6_8.noarch.rpm	SHA-256: a9af58923685eaa3f005de06668241340c0725b8dc4521d5d8a8ccef7e4441fe
tomcat6-servlet-2.5-api-6.0.24-98.el6_8.noarch.rpm	SHA-256: 8942bfe22a3edb8b1612758b66b2eb3bc88e5b6d5c7ad0a47a4a7e3b1e4e1f0d
tomcat6-webapps-6.0.24-98.el6_8.noarch.rpm	SHA-256: 599275e7920a406cafb588f6c8a218b78c6189070c0f2e3749641475ddaea873

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.

Log in to Your Red Hat Account

Red Hat Account

Customer Portal

Select Your Language

Infrastructure and Management

Cloud Computing

Storage

JBoss Development and Management

JBoss Integration and Automation

Mobile

Services

Tools

Red Hat Insights

Red Hat Product Security Center

Security Updates

Resources

Customer Portal Community

Customer Events

Stories