[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: [SECURITY] [DSA 1447-1] New tomcat5.5 packages fix several vulnerabilities

On Don, 2008-01-03 at 22:54 +0100, Moritz Muehlenhoff wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
> 
> - ------------------------------------------------------------------------
> Debian Security Advisory DSA-1447-1                  security@debian.org
> http://www.debian.org/security/                       Moritz Muehlenhoff
> January 03, 2008                      http://www.debian.org/security/faq
> - ------------------------------------------------------------------------
> 
> Package        : tomcat5.5
> Vulnerability  : several
> Problem type   : remote
> Debian-specific: no
> CVE Id(s)      : CVE-2007-3382 CVE-2007-3385 CVE-2007-3386 CVE-2007-5342 CVE-2007-5461
> 


installing the update breaks webapps

with the following error
org.apache.commons.logging.LogConfigurationException: java.security.AccessControlException: access denied (java.io.FilePermission /home/nihil/www/java/WEB-INF/classes/logging.properties read) (Caused by java.security.AccessControlException: access denied (java.io.FilePermission /home/nihil/www/java/WEB-INF/classes/logging.properties read))
(it worked before the update and permission are set correctly, i double checked)

this is also the case for tomcat5.5-webapps packages which doesnt work anymore.

best regards, michael
Reply to: