Oval Definition: oval:com.redhat.rhsa:def:20110335
Revision Date: 2011-03-09
Version: 651
Title: RHSA-2011:0335: tomcat6 security and bug fix update (Important)
Description: Apache Tomcat is a servlet container for the Java Servlet and JavaServer Pages (JSP) technologies.

  • A denial of service flaw was found in the way certain strings were converted to Double objects. A remote attacker could use this flaw to cause Tomcat to hang via a specially-crafted HTTP request. (CVE-2010-4476)

  • A flaw was found in the Tomcat NIO (Non-Blocking I/O) connector. A remote attacker could use this flaw to cause a denial of service (out-of-memory condition) via a specially-crafted request containing a large NIO buffer size request value. (CVE-2011-0534)

    This update also fixes the following bug:

  • A bug in the "tomcat6" init script prevented additional Tomcat instances from starting. As well, running "service tomcat6 start" caused configuration options applied from "/etc/sysconfig/tomcat6" to be overwritten with those from "/etc/tomcat6/tomcat6.conf". With this update, multiple instances of Tomcat run as expected. (BZ#676922)

    Users of Tomcat should upgrade to these updated packages, which contain backported patches to correct these issues. Tomcat must be restarted for this update to take effect.
    Family: unix
    Class: patch
    Status:
    Reference(s): CVE-2010-4476, CVE-2011-0534, RHSA-2011:0335, RHSA-2011:0335-01
    Platform(s): Red Hat Enterprise Linux 6
    Product(s):
    Definition Synopsis
  • Red Hat Enterprise Linux must be installed
  • OR Package Information
      • Red Hat Enterprise Linux 6 is installed
      • AND
          • tomcat6 is earlier than 0:6.0.24-24.el6_0 AND tomcat6 is signed with Red Hat redhatrelease2 key
          • tomcat6-admin-webapps is earlier than 0:6.0.24-24.el6_0 AND tomcat6-admin-webapps is signed with Red Hat redhatrelease2 key
          • tomcat6-docs-webapp is earlier than 0:6.0.24-24.el6_0 AND tomcat6-docs-webapp is signed with Red Hat redhatrelease2 key
          • tomcat6-el-2.1-api is earlier than 0:6.0.24-24.el6_0 AND tomcat6-el-2.1-api is signed with Red Hat redhatrelease2 key
          • tomcat6-javadoc is earlier than 0:6.0.24-24.el6_0 AND tomcat6-javadoc is signed with Red Hat redhatrelease2 key
          • tomcat6-jsp-2.1-api is earlier than 0:6.0.24-24.el6_0 AND tomcat6-jsp-2.1-api is signed with Red Hat redhatrelease2 key
          • tomcat6-lib is earlier than 0:6.0.24-24.el6_0 AND tomcat6-lib is signed with Red Hat redhatrelease2 key
          • tomcat6-log4j is earlier than 0:6.0.24-24.el6_0 AND tomcat6-log4j is signed with Red Hat redhatrelease2 key
          • tomcat6-servlet-2.5-api is earlier than 0:6.0.24-24.el6_0 AND tomcat6-servlet-2.5-api is signed with Red Hat redhatrelease2 key
          • tomcat6-webapps is earlier than 0:6.0.24-24.el6_0 AND tomcat6-webapps is signed with Red Hat redhatrelease2 key