USN-3081-2: Tomcat vulnerability
27 October 2020
The system could be made to run programs as an administrator.
Releases
Packages
- tomcat6 - Servlet and JSP engine
Details
Dawid Golunski discovered that the Tomcat init script incorrectly handled
creating log files. A remote attacker could possibly use this issue to
obtain root privileges.
Update instructions
The problem can be corrected by updating your system to the following package versions:
Ubuntu 16.04
In general, a standard system update will make all the necessary changes.
References
Related notices
- USN-3081-1: libtomcat7-java, tomcat6, tomcat7-examples, tomcat7-docs, libtomcat8-java, tomcat7-user, libservlet3.0-java-doc, libservlet3.1-java-doc, libservlet3.1-java, tomcat7-admin, tomcat7, tomcat8-docs, libservlet3.0-java, tomcat8-examples, tomcat8-common, tomcat8, tomcat7-common, tomcat8-admin, tomcat8-user, libtomcat6-java