Debian 10206 Published by

A tomcat7 security update has been released for Debian GNU/Linux 8 LTS to address a potential remote code execution via deserialization in tomcat7.



DLA 2217-1: tomcat7 security update

Package : tomcat7
Version : 7.0.56-3+really7.0.100-1+deb8u1
CVE ID : CVE-2020-9484
Debian Bug : #961209

It was discovered that there was a potential remote code execution
via deserialization in tomcat7, a server for HTTP and Java "servlets".

For Debian 8 "Jessie", this issue has been fixed in tomcat7 version
7.0.56-3+really7.0.100-1+deb8u1.

We recommend that you upgrade your tomcat7 packages.

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS