Re: [SECURITY] [DSA 1447-1] New tomcat5.5 packages fix several vulnerabilities
On Don, 2008-01-03 at 22:54 +0100, Moritz Muehlenhoff wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> - ------------------------------------------------------------------------
> Debian Security Advisory DSA-1447-1 security@debian.org
> http://www.debian.org/security/ Moritz Muehlenhoff
> January 03, 2008 http://www.debian.org/security/faq
> - ------------------------------------------------------------------------
>
> Package : tomcat5.5
> Vulnerability : several
> Problem type : remote
> Debian-specific: no
> CVE Id(s) : CVE-2007-3382 CVE-2007-3385 CVE-2007-3386 CVE-2007-5342 CVE-2007-5461
>
installing the update breaks webapps
with the following error
org.apache.commons.logging.LogConfigurationException: java.security.AccessControlException: access denied (java.io.FilePermission /home/nihil/www/java/WEB-INF/classes/logging.properties read) (Caused by java.security.AccessControlException: access denied (java.io.FilePermission /home/nihil/www/java/WEB-INF/classes/logging.properties read))
(it worked before the update and permission are set correctly, i double checked)
this is also the case for tomcat5.5-webapps packages which doesnt work anymore.
best regards, michael
Reply to: