Re: [DSA 1447-1] New tomcat5.5 packages fix several vulnerabilities

To: debian-security@lists.debian.org
Subject: Re: [DSA 1447-1] New tomcat5.5 packages fix several vulnerabilities
From: chdh <chdh@inventec.ch>
Date: Sun, 13 Jan 2008 13:10:25 -0800 (PST)
Message-id: <[🔎] 64ac5984-da1f-4825-8035-49aac7235b8a@v29g2000hsf.googlegroups.com>
References: <20080103215449.GA12756@galadriel.inutil.org> <[🔎] 1199525586.8906.7.camel@localhost>

> AccessControlException: access denied ... logging.properties read

This is a consequence of the patch of /etc/tomcat5.5/policy.d/
03catalina.policy for CVE-2007-5342 (http://cve.mitre.org/cgi-bin/
cvename.cgi?name=CVE-2007-5342).

One possible solution is to undo the patch by adding "permission
java.security.AllPermission;" to the permissions of "tomcat-juli.jar"
in 03catalina.policy.

Reply to:

Follow-Ups:
- Re: [DSA 1447-1] New tomcat5.5 packages fix several vulnerabilities
  - From: Moritz Muehlenhoff <jmm@inutil.org>
- Re: [DSA 1447-1] New tomcat5.5 packages fix several vulnerabilities
  - From: Nihil <nihil@nanihil.com>

References:
- Re: [SECURITY] [DSA 1447-1] New tomcat5.5 packages fix several vulnerabilities
  - From: Nihil <nihil@nanihil.com>

Prev by Date: xine-lib (etch) buffer overflow fix
Next by Date: Re: [DSA 1447-1] New tomcat5.5 packages fix several vulnerabilities
Previous by thread: Re: [SECURITY] [DSA 1447-1] New tomcat5.5 packages fix several vulnerabilities
Next by thread: Re: [DSA 1447-1] New tomcat5.5 packages fix several vulnerabilities
Index(es):
- Date
- Thread