USN-4791-1: Apache Tomcat 7 vulnerabilities
15 March 2021
Several security issues were fixed in Apache Tomcat 7.
Releases
Packages
- tomcat7 - Servlet and JSP engine
Details
It was discovered that Apache Tomcat 7 did not protect applications from the
presence of untrusted client data in an environment variable. A remote
attacker could possible use this vulnerability to redirect the traffic to an
arbitrary proxy and obtain sensitive information. (CVE-2016-5388)
It was discovered that Apache Tomcat 7 mishandled specially crafted input.
An attacker could use this vulnerability to cause a denial of service.
(CVE-2018-1336)
Update instructions
The problem can be corrected by updating your system to the following package versions:
Ubuntu 16.04
-
tomcat7-common
-
7.0.68-1ubuntu0.4+esm1
Available with Ubuntu Pro
-
libservlet3.0-java
-
7.0.68-1ubuntu0.4+esm1
Available with Ubuntu Pro
-
tomcat7
-
7.0.68-1ubuntu0.4+esm1
Available with Ubuntu Pro
-
libtomcat7-java
-
7.0.68-1ubuntu0.4+esm1
Available with Ubuntu Pro
-
tomcat7-user
-
7.0.68-1ubuntu0.4+esm1
Available with Ubuntu Pro
-
tomcat7-admin
-
7.0.68-1ubuntu0.4+esm1
Available with Ubuntu Pro
In general, a standard system update will make all the necessary changes.
References
Related notices
- USN-3177-1: tomcat7-admin, tomcat7-docs, libservlet3.1-java, libtomcat8-java, tomcat7-examples, tomcat8-examples, libservlet3.0-java, tomcat8-common, libtomcat7-java, tomcat6, tomcat8-admin, libservlet3.1-java-doc, tomcat7-user, tomcat8-user, tomcat7-common, libtomcat6-java, tomcat8, tomcat8-docs, tomcat7, libservlet3.0-java-doc
- USN-3723-1: tomcat8-examples, libservlet3.0-java, tomcat7-common, tomcat7-user, libtomcat7-java, tomcat8-common, libtomcat8-java, tomcat7-admin, tomcat8, tomcat8-admin, tomcat8-docs, libservlet3.1-java-doc, tomcat7-docs, tomcat7-examples, libservlet3.1-java, tomcat8-user, tomcat7, libservlet3.0-java-doc