Bug 429835
Summary: | CVE-2008-0128 tomcat5 SSO cookie login information disclosure [rhn_satellite_5.0] | ||
---|---|---|---|
Product: | Red Hat Satellite 5 | Reporter: | Marc Schoenefeld <mschoene> |
Component: | Other | Assignee: | Miroslav Suchý <msuchy> |
Status: | CLOSED CURRENTRELEASE | QA Contact: | wes hayutin <whayutin> |
Severity: | low | Docs Contact: | |
Priority: | low | ||
Version: | 500 | CC: | jclere, pcheung |
Target Milestone: | --- | Keywords: | Security |
Target Release: | --- | ||
Hardware: | All | ||
OS: | Linux | ||
Fixed In Version: | sat502 | Doc Type: | Bug Fix |
Last Closed: | 2008-05-20 21:13:08 UTC | Type: | --- |
Bug Blocks: | 429320, 429821, 438231 |
Description
Marc Schoenefeld
2008-01-23 11:12:04 UTC
The fix is something like http://svn.apache.org/viewvc?view=rev&revision=500626

> [16:02] <fnasser_home> msuchy, pong
> [16:03] <msuchy> fnasser_inmtg: can you apply this patch https://bugzilla.redhat.com/show_bug.cgi?id=429835#c2 to tomcat5 and rebuild it?
> [16:04] <msuchy> fnasser_inmtg: I need to import to RHN Satellite
> [16:06] <fnasser_inmtg> msuchy, Sure, but please send it to me by e-mail, with a release going on I need something better than irc to track tasks. Which release of tomcat? 5.0.30 right? Is it security?
> [16:06] <fnasser_inmtg> msuchy, If it is security related please cc Marc (do you know Marc? If not I reply adding cc's for you)
> [16:06] <msuchy> fnasser_inmtg: we have tomcat5-5.0.27-2jpp_1rh
> [16:06] <msuchy> fnasser_inmtg: so 5.0.30 should be ok
> [16:07] <fnasser_inmtg> msuchy, I want to keep Jean-Frederic ( jclere here) and Remy on the loop as well
> [16:07] <msuchy> fnasser_inmtg: it is reported by Marc
> [16:07] <fnasser_inmtg> msuchy, Yes, we did upgrade from 27 to 30 in our legacy JBoss AS releases
> [16:07] <msuchy> fnasser_inmtg: I sent you email with this last week :) I will send you it again
> [16:07] <fnasser_inmtg> msuchy, Better yet. But cc him, so he knows we are applying that
> [16:08] <fnasser_inmtg> msuchy, I will build and release this tomcat as part of the next month ASPATCH CP releases as well
> [16:08] <msuchy> fnasser_inmtg: I need it for release of Satellite, which is in 14th April
> [16:09] <fnasser_inmtg> msuchy, The ASPATCH CPs are on April 15th, so all is fine. I plan to do it asap though, as I want to get it out of the way

[root@rlx-3-18 ~]# rpm -q tomcat5
tomcat5-5.0.30-0jpp_10rh
[root@rlx-3-18 ~]# hostname
rlx-3-18.rhndev.redhat.com
[root@rlx-3-18 ~]# date
Mon Apr 21 12:34:16 EDT 2008

verified build 2

release pending

5.0.2 Satellite is now GA, bugs Closed for Current Release.