A tomcat6 security update has been released for Oracle Linux 6 to address CVE-2020-1938, the Apache Tomcat AJP File Read/Inclusion Vulnerability.
Oracle Linux Security Advisory ELSA-2020-0912
http://linux.oracle.com/errata/ELSA-2020-0912.html
The following updated rpms for Oracle Linux 6 have been uploaded to the
Unbreakable Linux Network:
i386:
tomcat6-6.0.24-114.el6_10.noarch.rpm
tomcat6-admin-webapps-6.0.24-114.el6_10.noarch.rpm
tomcat6-docs-webapp-6.0.24-114.el6_10.noarch.rpm
tomcat6-el-2.1-api-6.0.24-114.el6_10.noarch.rpm
tomcat6-javadoc-6.0.24-114.el6_10.noarch.rpm
tomcat6-jsp-2.1-api-6.0.24-114.el6_10.noarch.rpm
tomcat6-lib-6.0.24-114.el6_10.noarch.rpm
tomcat6-servlet-2.5-api-6.0.24-114.el6_10.noarch.rpm
tomcat6-webapps-6.0.24-114.el6_10.noarch.rpm
x86_64:
tomcat6-6.0.24-114.el6_10.noarch.rpm
tomcat6-admin-webapps-6.0.24-114.el6_10.noarch.rpm
tomcat6-docs-webapp-6.0.24-114.el6_10.noarch.rpm
tomcat6-el-2.1-api-6.0.24-114.el6_10.noarch.rpm
tomcat6-javadoc-6.0.24-114.el6_10.noarch.rpm
tomcat6-jsp-2.1-api-6.0.24-114.el6_10.noarch.rpm
tomcat6-lib-6.0.24-114.el6_10.noarch.rpm
tomcat6-servlet-2.5-api-6.0.24-114.el6_10.noarch.rpm
tomcat6-webapps-6.0.24-114.el6_10.noarch.rpm
SRPMS:
http://oss.oracle.com/ol6/SRPMS-updates/tomcat6-6.0.24-114.el6_10.src.rpm
Description of changes:
[0:6.0.24-114]
- Related: rhbz#1806803 Update patch to remove secret attribute renaming

[0:6.0.24-113]
- Related: rhbz#1806803 Add IIS attributes to filter pattern and update secret logic

[0:6.0.24-112]
- Resolves: rhbz#1806803 CVE-2020-1938 tomcat6: tomcat: Apache Tomcat AJP File Read/Inclusion Vulnerability