-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Tue, 10 Oct 2023 18:20:19 +0200 Source: tomcat9 Architecture: source Version: 9.0.43-2~deb11u7 Distribution: bullseye-security Urgency: high Maintainer: Debian Java Maintainers <pkg-java-maintainers@lists.alioth.debian.org> Changed-By: Emmanuel Bourg <ebourg@apache.org> Changes: tomcat9 (9.0.43-2~deb11u7) bullseye-security; urgency=high . * Fix CVE-2023-45648: Request smuggling. Tomcat did not correctly parse HTTP trailer headers. A specially crafted, invalid trailer header could cause Tomcat to treat a single request as multiple requests leading to the possibility of request smuggling when behind a reverse proxy. * Fix CVE-2023-44487: DoS caused by HTTP/2 frame overhead (Rapid Reset Attack) * Fix CVE-2023-42795: Information Disclosure. When recycling various internal objects, including the request and the response, prior to re-use by the next request/response, an error could cause Tomcat to skip some parts of the recycling process leading to information leaking from the current request/response to the next. * Fix CVE-2023-41080: Open redirect. If the ROOT (default) web application is configured to use FORM authentication then it is possible that a specially crafted URL could be used to trigger a redirect to an URL of the attackers choice. * Fix CVE-2023-28709: Denial of Service. If non-default HTTP connector settings were used such that the maxParameterCount could be reached using query string parameters and a request was submitted that supplied exactly maxParameterCount parameters in the query string, the limit for uploaded request parts could be bypassed with the potential for a denial of service to occur. * Fix CVE-2023-24998: Denial of service. Tomcat uses a packaged renamed copy of Apache Commons FileUpload to provide the file upload functionality defined in the Jakarta Servlet specification. Apache Tomcat was, therefore, also vulnerable to the Commons FileUpload vulnerability CVE-2023-24998 as there was no limit to the number of request parts processed. This resulted in the possibility of an attacker triggering a DoS with a malicious upload or series of uploads. Checksums-Sha1: 2a0945b83bfac8887eb5c55149afd28d21cfc948 2780 tomcat9_9.0.43-2~deb11u7.dsc 9abf966cb62d37cf28aed8898167811f7f45595f 56628 tomcat9_9.0.43-2~deb11u7.debian.tar.xz b5aea0387d6ff9043e01ac97bf15de80bda4e1bb 15720 tomcat9_9.0.43-2~deb11u7_source.buildinfo Checksums-Sha256: 983195283b8588257c8efad58ebb1e20acbf97ed120d387e477b086aec6acff1 2780 tomcat9_9.0.43-2~deb11u7.dsc d066ae60e841ef1cf686317ccad7d171359b2b134ab371c74c28d8e4eaec903b 56628 tomcat9_9.0.43-2~deb11u7.debian.tar.xz 2cf86b131c8fd4e8f2d7d2b3cca28525c94849b03ed673427eb30eebb8944747 15720 tomcat9_9.0.43-2~deb11u7_source.buildinfo Files: 6c4be1fcce11600400f3d4d75c1cbb01 2780 java optional tomcat9_9.0.43-2~deb11u7.dsc 93ec085de9049bc31df355a261bc661c 56628 java optional tomcat9_9.0.43-2~deb11u7.debian.tar.xz 9f172aa457f0338b4f3552b206ca6fdf 15720 java optional tomcat9_9.0.43-2~deb11u7_source.buildinfo -----BEGIN PGP SIGNATURE----- iQJGBAEBCgAwFiEEuM5N4hCA3PkD4WxA9RPEGeS50KwFAmUlkK0SHGVib3VyZ0Bh cGFjaGUub3JnAAoJEPUTxBnkudCs3LIP/jPdw5+JGsJyR/7jofrZ4Kb1mRByNBxF Z7JwJZh3s99VYpgLRBS3/B1xHFwYHlP1fsx3HYUYX+0ZLBXZn9dV4lWDkVqBWMSM d6JkWcEYkPv1Vt/+8Wh+jC6m2yEOzHTc+j4/g+0rNT8eYOgC3KydRy0jYoCiyJ+t zN82eCUbs3uKAfEl8g+doZXSi9coVDx0IDr4gj1UIl3149SNPI5HlEbc/hl6uNRJ Pt56LmKWn/M/jsrL5e4l3CdRwVq9PlwnNp554KZzKgouFbu3n/6CKq5iHjZSn5RU lvqGwBgBTbgzBkoORAUb2+s+/V5GbYQZs96hiD2NERmnK9NCBdpQI+oUdZTHVt9L TgJmhNTYrKxDtPYOZhPnujq2SI+tqxLUOBHok64fe6WBpT1MwZ9Fh4Nh6UYZdY1T z2r7ZskXxiGOzED4zCkdGZU60KSkNB1ADHm1CJTd5nFl4Vpg4IDJMgndcuXVpcTm eyfkEqo0adPYvqNyYLzxLjKATJUVNi5w1siPEjRU+TLQW+EA659hDzOi43k/0ZMh t8gcY80/CSFkLrZ2I+HS9pnq5MMKGhAZALCP1x4cXMIvtcxdDk5Ntd9q4/30MCHG wp0IBfkL2Pw8wCOU3CznrL1DOt+mLC/9H4sZEksgXcc2aU+0al1JvYPJ08ok4Mgm IqIJFb8iWlU9 =KHJE -----END PGP SIGNATURE-----