
[SECURITY] [DLA 1491-1] tomcat8 security update

Package        : tomcat8
Version        : 8.0.14-1+deb8u13
CVE ID         : CVE-2018-1336 CVE-2018-8034

Two security issues have been discovered in the Tomcat servlet and JSP


  An improper handling of overflow in the UTF-8 decoder with
  supplementary characters can lead to an infinite loop in the decoder
  causing a Denial of Service.


  The host name verification when using TLS with the WebSocket client
  was missing. It is now enabled by default.

For Debian 8 "Jessie", these problems have been fixed in version

We recommend that you upgrade your tomcat8 packages.

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
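
An added example, not part of the advisory and not Tomcat's code: with the standard JSSE API, a client SSLEngine performs no host name check unless an endpoint identification algorithm is set, which is the kind of gap the WebSocket client issue above describes. The class name, method names and host below are hypothetical, and the example assumes a client built directly on SSLEngine.

```java
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLEngine;
import javax.net.ssl.SSLParameters;

public class WsClientHostnameCheck {

    // Build a client-mode engine for host:port (hypothetical helper).
    // verifyHostname=false reproduces the weak setting: any certificate that
    // chains to a trusted CA is accepted, whatever name it was issued for.
    // verifyHostname=true makes JSSE match the certificate against `host`
    // during the handshake and fail it on a mismatch.
    static SSLEngine clientEngine(SSLContext ctx, String host, int port,
                                  boolean verifyHostname) {
        // The peer host passed here is the name the certificate is checked against.
        SSLEngine engine = ctx.createSSLEngine(host, port);
        engine.setUseClientMode(true);
        SSLParameters params = engine.getSSLParameters();
        params.setEndpointIdentificationAlgorithm(verifyHostname ? "HTTPS" : null);
        engine.setSSLParameters(params);
        return engine;
    }

    // Audit check: true only if the engine will verify the server's host name.
    static boolean verifiesHostname(SSLEngine engine) {
        String alg = engine.getSSLParameters().getEndpointIdentificationAlgorithm();
        return alg != null && !alg.isEmpty();
    }

    public static void main(String[] args) throws Exception {
        SSLContext ctx = SSLContext.getDefault();
        String host = "ws.example.test"; // constructed placeholder host

        SSLEngine weak = clientEngine(ctx, host, 443, false);
        SSLEngine hardened = clientEngine(ctx, host, 443, true);

        // No connection is made; only the configured behaviour is inspected.
        System.out.println("weak engine verifies host name:     " + verifiesHostname(weak));
        System.out.println("hardened engine verifies host name: " + verifiesHostname(hardened));
    }
}
```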
