
The following security updates are available for Red Hat Enterprise Linux:

- [RHSA-2010:0583-01] Important: tomcat5 security update
- [RHSA-2010:0585-01] Moderate: lftp security update
- [RHSA-2010:0582-01] Important: tomcat5 security update
- [RHSA-2010:0580-01] Important: tomcat5 security update



[RHSA-2010:0583-01] Important: tomcat5 security update
=====================================================================
Red Hat Security Advisory

Synopsis: Important: tomcat5 security update
Advisory ID: RHSA-2010:0583-01
Product: Red Hat Developer Suite v.3
Advisory URL: https://rhn.redhat.com/errata/RHSA-2010-0583.html
Issue date: 2010-08-02
CVE Names: CVE-2010-2227
=====================================================================

1. Summary:

Updated tomcat5 packages that fix one security issue are now available for
Red Hat Developer Suite 3.

The Red Hat Security Response Team has rated this update as having
important security impact. A Common Vulnerability Scoring System (CVSS)
base score, which gives a detailed severity rating, is available from the
CVE link in the References section.

2. Relevant releases/architectures:

Red Hat Developer Suite v.3 (AS v.4) - noarch
Red Hat Developer Suite v.3 (ES v.4) - noarch
Red Hat Developer Suite v.3 (WS v.4) - noarch

3. Description:

Apache Tomcat is a servlet container for the Java Servlet and JavaServer
Pages (JSP) technologies.

A flaw was found in the way Tomcat handled the Transfer-Encoding header in
HTTP requests. A specially-crafted HTTP request could prevent Tomcat from
sending replies, or cause Tomcat to return truncated replies, or replies
containing data related to the requests of other users, for all subsequent
HTTP requests. (CVE-2010-2227)

Users of Tomcat should upgrade to these updated packages, which contain a
backported patch to resolve this issue. Tomcat must be restarted for this
update to take effect.

4. Solution:

Before applying this update, make sure all previously-released errata
relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to
use the Red Hat Network to apply this update are available at
http://kbase.redhat.com/faq/docs/DOC-11259

5. Bugs fixed (http://bugzilla.redhat.com/):

612799 - CVE-2010-2227 tomcat: information leak vulnerability in the handling of 'Transfer-Encoding' header

6. Package List:

Red Hat Developer Suite v.3 (AS v.4):

Source:
tomcat5-5.5.23-0jpp_21rh.src.rpm

noarch:
tomcat5-5.5.23-0jpp_21rh.noarch.rpm
tomcat5-common-lib-5.5.23-0jpp_21rh.noarch.rpm
tomcat5-jasper-5.5.23-0jpp_21rh.noarch.rpm
tomcat5-jsp-2.0-api-5.5.23-0jpp_21rh.noarch.rpm
tomcat5-server-lib-5.5.23-0jpp_21rh.noarch.rpm
tomcat5-servlet-2.4-api-5.5.23-0jpp_21rh.noarch.rpm

Red Hat Developer Suite v.3 (ES v.4):

Source:
tomcat5-5.5.23-0jpp_21rh.src.rpm

noarch:
tomcat5-5.5.23-0jpp_21rh.noarch.rpm
tomcat5-common-lib-5.5.23-0jpp_21rh.noarch.rpm
tomcat5-jasper-5.5.23-0jpp_21rh.noarch.rpm
tomcat5-jsp-2.0-api-5.5.23-0jpp_21rh.noarch.rpm
tomcat5-server-lib-5.5.23-0jpp_21rh.noarch.rpm
tomcat5-servlet-2.4-api-5.5.23-0jpp_21rh.noarch.rpm

Red Hat Developer Suite v.3 (WS v.4):

Source:
tomcat5-5.5.23-0jpp_21rh.src.rpm

noarch:
tomcat5-5.5.23-0jpp_21rh.noarch.rpm
tomcat5-common-lib-5.5.23-0jpp_21rh.noarch.rpm
tomcat5-jasper-5.5.23-0jpp_21rh.noarch.rpm
tomcat5-jsp-2.0-api-5.5.23-0jpp_21rh.noarch.rpm
tomcat5-server-lib-5.5.23-0jpp_21rh.noarch.rpm
tomcat5-servlet-2.4-api-5.5.23-0jpp_21rh.noarch.rpm

These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://www.redhat.com/security/team/key/#package

7. References:

https://www.redhat.com/security/data/cve/CVE-2010-2227.html
http://www.redhat.com/security/updates/classification/#important
http://tomcat.apache.org/security-5.html

8. Contact:

The Red Hat security contact is . More contact
details at https://www.redhat.com/security/team/contact/

Copyright 2010 Red Hat, Inc.



[RHSA-2010:0585-01] Moderate: lftp security update
=====================================================================
Red Hat Security Advisory

Synopsis: Moderate: lftp security update
Advisory ID: RHSA-2010:0585-01
Product: Red Hat Enterprise Linux
Advisory URL: https://rhn.redhat.com/errata/RHSA-2010-0585.html
Issue date: 2010-08-02
CVE Names: CVE-2010-2251
=====================================================================

1. Summary:

An updated lftp package that fixes one security issue is now available for
Red Hat Enterprise Linux 5.

The Red Hat Security Response Team has rated this update as having moderate
security impact. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available from the CVE link in
the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux (v. 5 server) - i386, ia64, ppc, s390x, x86_64
Red Hat Enterprise Linux Desktop (v. 5 client) - i386, x86_64

3. Description:

LFTP is a sophisticated file transfer program for the FTP and HTTP
protocols. Like Bash, it has job control and uses the Readline library for
input. It has bookmarks, built-in mirroring, and can transfer several files
in parallel. It is designed with reliability in mind.

It was discovered that lftp trusted the file name provided in the
Content-Disposition HTTP header. A malicious HTTP server could use this
flaw to write or overwrite files in the current working directory of a
victim running lftp, by sending a different file from what the victim
requested. (CVE-2010-2251)

To correct this flaw, the following changes were made to lftp: the
"xfer:clobber" option now defaults to "no", causing lftp to not overwrite
existing files, and a new option, "xfer:auto-rename", which defaults to
"no", has been introduced to control whether lftp should use
server-suggested file names. Refer to the "Settings" section of the lftp(1)
manual page for additional details on changing lftp settings.
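
The policy behind the two settings, sketched in Python as an added example; it is not lftp's code or the backported patch. The function names, the URL and the header value are constructed for illustration.

```python
import os
import posixpath
import tempfile
from email.message import Message
from urllib.parse import unquote, urlsplit


def suggested_name(content_disposition):
    """Return the filename parameter of a Content-Disposition value, or None."""
    msg = Message()
    msg["Content-Disposition"] = content_disposition
    return msg.get_filename()


def choose_local_name(url, content_disposition=None, auto_rename=False):
    """Pick the local name; auto_rename=False models xfer:auto-rename "no"."""
    name = posixpath.basename(unquote(urlsplit(url).path))
    if auto_rename and content_disposition:
        hint = suggested_name(content_disposition)
        if hint:
            # Extra precaution in this sketch: keep only the last component.
            name = posixpath.basename(hint.replace("\\", "/"))
    if name in ("", ".", ".."):
        raise ValueError("no usable file name")
    return name


def save(directory, name, data, clobber=False):
    """Write data; clobber=False models xfer:clobber "no" via O_EXCL."""
    flags = os.O_WRONLY | os.O_CREAT | (os.O_TRUNC if clobber else os.O_EXCL)
    fd = os.open(os.path.join(directory, name), flags, 0o644)
    with os.fdopen(fd, "wb") as fh:
        fh.write(data)


def demo():
    """Constructed case: the user asks for report.pdf, the server names another file."""
    url = "http://files.example/pub/report.pdf"       # constructed URL
    header = 'attachment; filename="settings.conf"'   # constructed header
    with tempfile.TemporaryDirectory() as cwd:
        existing = os.path.join(cwd, "settings.conf")
        with open(existing, "wb") as fh:
            fh.write(b"original\n")
        trusting = choose_local_name(url, header, auto_rename=True)
        default = choose_local_name(url, header)
        save(cwd, default, b"%PDF-")              # lands under the requested name
        try:
            save(cwd, trusting, b"server data")   # the name the server picked
            blocked = False
        except FileExistsError:
            blocked = True
        with open(existing, "rb") as fh:
            contents = fh.read()
        return {"trusting_name": trusting, "default_name": default,
                "overwrite_blocked": blocked, "existing_contents": contents,
                "files": sorted(os.listdir(cwd))}


if __name__ == "__main__":
    print(demo())
```

With both settings at "no", the download is stored under the requested name and the existing file is left untouched.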

All lftp users should upgrade to this updated package, which contains a
backported patch to correct this issue.

4. Solution:

Before applying this update, make sure all previously-released errata
relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to
use the Red Hat Network to apply this update are available at
http://kbase.redhat.com/faq/docs/DOC-11259

5. Bugs fixed (http://bugzilla.redhat.com/):

591580 - CVE-2010-2251 lftp: multiple HTTP client download filename vulnerability [OCERT 2010-001]

6. Package List:

Red Hat Enterprise Linux Desktop (v. 5 client):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/lftp-3.7.11-4.el5_5.3.src.rpm

i386:
lftp-3.7.11-4.el5_5.3.i386.rpm
lftp-debuginfo-3.7.11-4.el5_5.3.i386.rpm

x86_64:
lftp-3.7.11-4.el5_5.3.x86_64.rpm
lftp-debuginfo-3.7.11-4.el5_5.3.x86_64.rpm

Red Hat Enterprise Linux (v. 5 server):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/os/SRPMS/lftp-3.7.11-4.el5_5.3.src.rpm

i386:
lftp-3.7.11-4.el5_5.3.i386.rpm
lftp-debuginfo-3.7.11-4.el5_5.3.i386.rpm

ia64:
lftp-3.7.11-4.el5_5.3.ia64.rpm
lftp-debuginfo-3.7.11-4.el5_5.3.ia64.rpm

ppc:
lftp-3.7.11-4.el5_5.3.ppc.rpm
lftp-debuginfo-3.7.11-4.el5_5.3.ppc.rpm

s390x:
lftp-3.7.11-4.el5_5.3.s390x.rpm
lftp-debuginfo-3.7.11-4.el5_5.3.s390x.rpm

x86_64:
lftp-3.7.11-4.el5_5.3.x86_64.rpm
lftp-debuginfo-3.7.11-4.el5_5.3.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://www.redhat.com/security/team/key/#package

7. References:

https://www.redhat.com/security/data/cve/CVE-2010-2251.html
http://www.redhat.com/security/updates/classification/#moderate

8. Contact:

The Red Hat security contact is . More contact
details at https://www.redhat.com/security/team/contact/

Copyright 2010 Red Hat, Inc.



[RHSA-2010:0582-01] Important: tomcat5 security update
=====================================================================
Red Hat Security Advisory

Synopsis: Important: tomcat5 security update
Advisory ID: RHSA-2010:0582-01
Product: Red Hat Application Server
Advisory URL: https://rhn.redhat.com/errata/RHSA-2010-0582.html
Issue date: 2010-08-02
CVE Names: CVE-2009-2693 CVE-2009-2902 CVE-2010-2227
=====================================================================

1. Summary:

Updated tomcat5 packages that fix three security issues are now available
for Red Hat Application Server v2.

The Red Hat Security Response Team has rated this update as having
important security impact. Common Vulnerability Scoring System (CVSS) base
scores, which give detailed severity ratings, are available for each
vulnerability from the CVE links in the References section.

2. Relevant releases/architectures:

Red Hat Application Server v2 4AS - noarch
Red Hat Application Server v2 4ES - noarch
Red Hat Application Server v2 4WS - noarch

3. Description:

Apache Tomcat is a servlet container for the Java Servlet and JavaServer
Pages (JSP) technologies.

A flaw was found in the way Tomcat handled the Transfer-Encoding header in
HTTP requests. A specially-crafted HTTP request could prevent Tomcat from
sending replies, or cause Tomcat to return truncated replies, or replies
containing data related to the requests of other users, for all subsequent
HTTP requests. (CVE-2010-2227)

Two directory traversal flaws were found in the Tomcat deployment process.
A specially-crafted WAR file could, when deployed, cause a file to be
created outside of the web root into any directory writable by the Tomcat
user, or could lead to the deletion of files in the Tomcat host's work
directory. (CVE-2009-2693, CVE-2009-2902)

Users of Tomcat should upgrade to these updated packages, which contain
backported patches to resolve these issues. Tomcat must be restarted for
this update to take effect.

4. Solution:

Before applying this update, make sure all previously-released errata
relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to
use the Red Hat Network to apply this update are available at
http://kbase.redhat.com/faq/docs/DOC-11259

5. Bugs fixed (http://bugzilla.redhat.com/):

559738 - CVE-2009-2693 tomcat: unexpected file deletion and/or alteration
559761 - CVE-2009-2902 tomcat: unexpected file deletion in work directory
612799 - CVE-2010-2227 tomcat: information leak vulnerability in the handling of 'Transfer-Encoding' header

6. Package List:

Red Hat Application Server v2 4AS:

Source:
ftp://updates.redhat.com/enterprise/4AS/en/RHAPS/SRPMS/tomcat5-5.5.23-0jpp_4rh.17.src.rpm

noarch:
tomcat5-5.5.23-0jpp_4rh.17.noarch.rpm
tomcat5-admin-webapps-5.5.23-0jpp_4rh.17.noarch.rpm
tomcat5-common-lib-5.5.23-0jpp_4rh.17.noarch.rpm
tomcat5-jasper-5.5.23-0jpp_4rh.17.noarch.rpm
tomcat5-jasper-javadoc-5.5.23-0jpp_4rh.17.noarch.rpm
tomcat5-jsp-2.0-api-5.5.23-0jpp_4rh.17.noarch.rpm
tomcat5-jsp-2.0-api-javadoc-5.5.23-0jpp_4rh.17.noarch.rpm
tomcat5-server-lib-5.5.23-0jpp_4rh.17.noarch.rpm
tomcat5-servlet-2.4-api-5.5.23-0jpp_4rh.17.noarch.rpm
tomcat5-servlet-2.4-api-javadoc-5.5.23-0jpp_4rh.17.noarch.rpm
tomcat5-webapps-5.5.23-0jpp_4rh.17.noarch.rpm

Red Hat Application Server v2 4ES:

Source:
ftp://updates.redhat.com/enterprise/4ES/en/RHAPS/SRPMS/tomcat5-5.5.23-0jpp_4rh.17.src.rpm

noarch:
tomcat5-5.5.23-0jpp_4rh.17.noarch.rpm
tomcat5-admin-webapps-5.5.23-0jpp_4rh.17.noarch.rpm
tomcat5-common-lib-5.5.23-0jpp_4rh.17.noarch.rpm
tomcat5-jasper-5.5.23-0jpp_4rh.17.noarch.rpm
tomcat5-jasper-javadoc-5.5.23-0jpp_4rh.17.noarch.rpm
tomcat5-jsp-2.0-api-5.5.23-0jpp_4rh.17.noarch.rpm
tomcat5-jsp-2.0-api-javadoc-5.5.23-0jpp_4rh.17.noarch.rpm
tomcat5-server-lib-5.5.23-0jpp_4rh.17.noarch.rpm
tomcat5-servlet-2.4-api-5.5.23-0jpp_4rh.17.noarch.rpm
tomcat5-servlet-2.4-api-javadoc-5.5.23-0jpp_4rh.17.noarch.rpm
tomcat5-webapps-5.5.23-0jpp_4rh.17.noarch.rpm

Red Hat Application Server v2 4WS:

Source:
ftp://updates.redhat.com/enterprise/4WS/en/RHAPS/SRPMS/tomcat5-5.5.23-0jpp_4rh.17.src.rpm

noarch:
tomcat5-5.5.23-0jpp_4rh.17.noarch.rpm
tomcat5-admin-webapps-5.5.23-0jpp_4rh.17.noarch.rpm
tomcat5-common-lib-5.5.23-0jpp_4rh.17.noarch.rpm
tomcat5-jasper-5.5.23-0jpp_4rh.17.noarch.rpm
tomcat5-jasper-javadoc-5.5.23-0jpp_4rh.17.noarch.rpm
tomcat5-jsp-2.0-api-5.5.23-0jpp_4rh.17.noarch.rpm
tomcat5-jsp-2.0-api-javadoc-5.5.23-0jpp_4rh.17.noarch.rpm
tomcat5-server-lib-5.5.23-0jpp_4rh.17.noarch.rpm
tomcat5-servlet-2.4-api-5.5.23-0jpp_4rh.17.noarch.rpm
tomcat5-servlet-2.4-api-javadoc-5.5.23-0jpp_4rh.17.noarch.rpm
tomcat5-webapps-5.5.23-0jpp_4rh.17.noarch.rpm

These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://www.redhat.com/security/team/key/#package

7. References:

https://www.redhat.com/security/data/cve/CVE-2009-2693.html
https://www.redhat.com/security/data/cve/CVE-2009-2902.html
https://www.redhat.com/security/data/cve/CVE-2010-2227.html
http://www.redhat.com/security/updates/classification/#important
http://tomcat.apache.org/security-5.html

8. Contact:

The Red Hat security contact is . More contact
details at https://www.redhat.com/security/team/contact/

Copyright 2010 Red Hat, Inc.



[RHSA-2010:0580-01] Important: tomcat5 security update
=====================================================================
Red Hat Security Advisory

Synopsis: Important: tomcat5 security update
Advisory ID: RHSA-2010:0580-01
Product: Red Hat Enterprise Linux
Advisory URL: https://rhn.redhat.com/errata/RHSA-2010-0580.html
Issue date: 2010-08-02
CVE Names: CVE-2009-2693 CVE-2009-2696 CVE-2009-2902 CVE-2010-2227
=====================================================================

1. Summary:

Updated tomcat5 packages that fix multiple security issues are now
available for Red Hat Enterprise Linux 5.

The Red Hat Security Response Team has rated this update as having
important security impact. Common Vulnerability Scoring System (CVSS) base
scores, which give detailed severity ratings, are available for each
vulnerability from the CVE links in the References section.

2. Relevant releases/architectures:

RHEL Desktop Workstation (v. 5 client) - i386, x86_64
Red Hat Enterprise Linux (v. 5 server) - i386, ia64, ppc, s390x, x86_64
Red Hat Enterprise Linux Desktop (v. 5 client) - i386, x86_64

3. Description:

Apache Tomcat is a servlet container for the Java Servlet and JavaServer
Pages (JSP) technologies.

A flaw was found in the way Tomcat handled the Transfer-Encoding header in
HTTP requests. A specially-crafted HTTP request could prevent Tomcat from
sending replies, or cause Tomcat to return truncated replies, or replies
containing data related to the requests of other users, for all subsequent
HTTP requests. (CVE-2010-2227)

The Tomcat security update RHSA-2009:1164 did not, unlike the erratum text
stated, provide a fix for CVE-2009-0781, a cross-site scripting (XSS) flaw
in the examples calendar application. With some web browsers, remote
attackers could use this flaw to inject arbitrary web script or HTML via
the "time" parameter. (CVE-2009-2696)

Two directory traversal flaws were found in the Tomcat deployment process.
A specially-crafted WAR file could, when deployed, cause a file to be
created outside of the web root into any directory writable by the Tomcat
user, or could lead to the deletion of files in the Tomcat host's work
directory. (CVE-2009-2693, CVE-2009-2902)
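
A pre-deployment check for the WAR directory traversal issue described here and in RHSA-2010:0582, as an added Python example; it is not Tomcat's code or the backported patch. It lists archive entries whose names resolve outside the directory the WAR would be unpacked into. The root name and the sample archive are constructed.

```python
import io
import posixpath
import zipfile

ROOT = "/deploy-root"  # hypothetical stand-in for the webapp's unpack directory


def escapes_root(entry_name):
    """True if the entry name would resolve outside ROOT when unpacked."""
    name = entry_name.replace("\\", "/")
    if len(name) > 1 and name[1] == ":":
        return True  # drive-letter path, never relative to ROOT
    # posixpath.join discards ROOT for absolute names, so those fail below too.
    resolved = posixpath.normpath(posixpath.join(ROOT, name))
    return not (resolved == ROOT or resolved.startswith(ROOT + "/"))


def escaping_entries(war_bytes):
    """Return the entry names in a WAR (zip) that escape the unpack root."""
    with zipfile.ZipFile(io.BytesIO(war_bytes)) as war:
        return [i.filename for i in war.infolist() if escapes_root(i.filename)]


def build_sample_war():
    """Constructed archive: three well-formed entries and two that traverse."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as war:
        for name in (
            "index.jsp",
            "WEB-INF/web.xml",
            "WEB-INF/classes/../web2.xml",     # '..' that stays inside ROOT
            "../outside.txt",                  # resolves above ROOT
            "WEB-INF/../../sibling/file.txt",  # climbs out through a subdir
        ):
            war.writestr(name, b"constructed sample\n")
    return buf.getvalue()


if __name__ == "__main__":
    for entry in escaping_entries(build_sample_war()):
        print("refuse to deploy, entry escapes web root:", entry)
```

The check resolves each name rather than searching for the string "..", so an entry that uses ".." but stays inside the root is not reported.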

Users of Tomcat should upgrade to these updated packages, which contain
backported patches to resolve these issues. Tomcat must be restarted for
this update to take effect.

4. Solution:

Before applying this update, make sure all previously-released errata
relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to
use the Red Hat Network to apply this update are available at
http://kbase.redhat.com/faq/docs/DOC-11259

5. Bugs fixed (http://bugzilla.redhat.com/):

559738 - CVE-2009-2693 tomcat: unexpected file deletion and/or alteration
559761 - CVE-2009-2902 tomcat: unexpected file deletion in work directory
612799 - CVE-2010-2227 tomcat: information leak vulnerability in the handling of 'Transfer-Encoding' header
616717 - CVE-2009-2696 tomcat: missing fix for CVE-2009-0781

6. Package List:

Red Hat Enterprise Linux Desktop (v. 5 client):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/tomcat5-5.5.23-0jpp.9.el5_5.src.rpm

i386:
tomcat5-debuginfo-5.5.23-0jpp.9.el5_5.i386.rpm
tomcat5-jsp-2.0-api-5.5.23-0jpp.9.el5_5.i386.rpm
tomcat5-servlet-2.4-api-5.5.23-0jpp.9.el5_5.i386.rpm

x86_64:
tomcat5-debuginfo-5.5.23-0jpp.9.el5_5.x86_64.rpm
tomcat5-jsp-2.0-api-5.5.23-0jpp.9.el5_5.x86_64.rpm
tomcat5-servlet-2.4-api-5.5.23-0jpp.9.el5_5.x86_64.rpm

RHEL Desktop Workstation (v. 5 client):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/tomcat5-5.5.23-0jpp.9.el5_5.src.rpm

i386:
tomcat5-5.5.23-0jpp.9.el5_5.i386.rpm
tomcat5-admin-webapps-5.5.23-0jpp.9.el5_5.i386.rpm
tomcat5-common-lib-5.5.23-0jpp.9.el5_5.i386.rpm
tomcat5-debuginfo-5.5.23-0jpp.9.el5_5.i386.rpm
tomcat5-jasper-5.5.23-0jpp.9.el5_5.i386.rpm
tomcat5-jasper-javadoc-5.5.23-0jpp.9.el5_5.i386.rpm
tomcat5-jsp-2.0-api-javadoc-5.5.23-0jpp.9.el5_5.i386.rpm
tomcat5-server-lib-5.5.23-0jpp.9.el5_5.i386.rpm
tomcat5-servlet-2.4-api-javadoc-5.5.23-0jpp.9.el5_5.i386.rpm
tomcat5-webapps-5.5.23-0jpp.9.el5_5.i386.rpm

x86_64:
tomcat5-5.5.23-0jpp.9.el5_5.x86_64.rpm
tomcat5-admin-webapps-5.5.23-0jpp.9.el5_5.x86_64.rpm
tomcat5-common-lib-5.5.23-0jpp.9.el5_5.x86_64.rpm
tomcat5-debuginfo-5.5.23-0jpp.9.el5_5.x86_64.rpm
tomcat5-jasper-5.5.23-0jpp.9.el5_5.x86_64.rpm
tomcat5-jasper-javadoc-5.5.23-0jpp.9.el5_5.x86_64.rpm
tomcat5-jsp-2.0-api-javadoc-5.5.23-0jpp.9.el5_5.x86_64.rpm
tomcat5-server-lib-5.5.23-0jpp.9.el5_5.x86_64.rpm
tomcat5-servlet-2.4-api-javadoc-5.5.23-0jpp.9.el5_5.x86_64.rpm
tomcat5-webapps-5.5.23-0jpp.9.el5_5.x86_64.rpm

Red Hat Enterprise Linux (v. 5 server):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/os/SRPMS/tomcat5-5.5.23-0jpp.9.el5_5.src.rpm

i386:
tomcat5-5.5.23-0jpp.9.el5_5.i386.rpm
tomcat5-admin-webapps-5.5.23-0jpp.9.el5_5.i386.rpm
tomcat5-common-lib-5.5.23-0jpp.9.el5_5.i386.rpm
tomcat5-debuginfo-5.5.23-0jpp.9.el5_5.i386.rpm
tomcat5-jasper-5.5.23-0jpp.9.el5_5.i386.rpm
tomcat5-jasper-javadoc-5.5.23-0jpp.9.el5_5.i386.rpm
tomcat5-jsp-2.0-api-5.5.23-0jpp.9.el5_5.i386.rpm
tomcat5-jsp-2.0-api-javadoc-5.5.23-0jpp.9.el5_5.i386.rpm
tomcat5-server-lib-5.5.23-0jpp.9.el5_5.i386.rpm
tomcat5-servlet-2.4-api-5.5.23-0jpp.9.el5_5.i386.rpm
tomcat5-servlet-2.4-api-javadoc-5.5.23-0jpp.9.el5_5.i386.rpm
tomcat5-webapps-5.5.23-0jpp.9.el5_5.i386.rpm

ia64:
tomcat5-5.5.23-0jpp.9.el5_5.ia64.rpm
tomcat5-admin-webapps-5.5.23-0jpp.9.el5_5.ia64.rpm
tomcat5-common-lib-5.5.23-0jpp.9.el5_5.ia64.rpm
tomcat5-debuginfo-5.5.23-0jpp.9.el5_5.ia64.rpm
tomcat5-jasper-5.5.23-0jpp.9.el5_5.ia64.rpm
tomcat5-jasper-javadoc-5.5.23-0jpp.9.el5_5.ia64.rpm
tomcat5-jsp-2.0-api-5.5.23-0jpp.9.el5_5.ia64.rpm
tomcat5-jsp-2.0-api-javadoc-5.5.23-0jpp.9.el5_5.ia64.rpm
tomcat5-server-lib-5.5.23-0jpp.9.el5_5.ia64.rpm
tomcat5-servlet-2.4-api-5.5.23-0jpp.9.el5_5.ia64.rpm
tomcat5-servlet-2.4-api-javadoc-5.5.23-0jpp.9.el5_5.ia64.rpm
tomcat5-webapps-5.5.23-0jpp.9.el5_5.ia64.rpm

ppc:
tomcat5-5.5.23-0jpp.9.el5_5.ppc.rpm
tomcat5-5.5.23-0jpp.9.el5_5.ppc64.rpm
tomcat5-admin-webapps-5.5.23-0jpp.9.el5_5.ppc.rpm
tomcat5-common-lib-5.5.23-0jpp.9.el5_5.ppc.rpm
tomcat5-debuginfo-5.5.23-0jpp.9.el5_5.ppc.rpm
tomcat5-debuginfo-5.5.23-0jpp.9.el5_5.ppc64.rpm
tomcat5-jasper-5.5.23-0jpp.9.el5_5.ppc.rpm
tomcat5-jasper-javadoc-5.5.23-0jpp.9.el5_5.ppc.rpm
tomcat5-jsp-2.0-api-5.5.23-0jpp.9.el5_5.ppc.rpm
tomcat5-jsp-2.0-api-javadoc-5.5.23-0jpp.9.el5_5.ppc.rpm
tomcat5-server-lib-5.5.23-0jpp.9.el5_5.ppc.rpm
tomcat5-servlet-2.4-api-5.5.23-0jpp.9.el5_5.ppc.rpm
tomcat5-servlet-2.4-api-javadoc-5.5.23-0jpp.9.el5_5.ppc.rpm
tomcat5-webapps-5.5.23-0jpp.9.el5_5.ppc.rpm

s390x:
tomcat5-5.5.23-0jpp.9.el5_5.s390x.rpm
tomcat5-admin-webapps-5.5.23-0jpp.9.el5_5.s390x.rpm
tomcat5-common-lib-5.5.23-0jpp.9.el5_5.s390x.rpm
tomcat5-debuginfo-5.5.23-0jpp.9.el5_5.s390x.rpm
tomcat5-jasper-5.5.23-0jpp.9.el5_5.s390x.rpm
tomcat5-jasper-javadoc-5.5.23-0jpp.9.el5_5.s390x.rpm
tomcat5-jsp-2.0-api-5.5.23-0jpp.9.el5_5.s390x.rpm
tomcat5-jsp-2.0-api-javadoc-5.5.23-0jpp.9.el5_5.s390x.rpm
tomcat5-server-lib-5.5.23-0jpp.9.el5_5.s390x.rpm
tomcat5-servlet-2.4-api-5.5.23-0jpp.9.el5_5.s390x.rpm
tomcat5-servlet-2.4-api-javadoc-5.5.23-0jpp.9.el5_5.s390x.rpm
tomcat5-webapps-5.5.23-0jpp.9.el5_5.s390x.rpm

x86_64:
tomcat5-5.5.23-0jpp.9.el5_5.x86_64.rpm
tomcat5-admin-webapps-5.5.23-0jpp.9.el5_5.x86_64.rpm
tomcat5-common-lib-5.5.23-0jpp.9.el5_5.x86_64.rpm
tomcat5-debuginfo-5.5.23-0jpp.9.el5_5.x86_64.rpm
tomcat5-jasper-5.5.23-0jpp.9.el5_5.x86_64.rpm
tomcat5-jasper-javadoc-5.5.23-0jpp.9.el5_5.x86_64.rpm
tomcat5-jsp-2.0-api-5.5.23-0jpp.9.el5_5.x86_64.rpm
tomcat5-jsp-2.0-api-javadoc-5.5.23-0jpp.9.el5_5.x86_64.rpm
tomcat5-server-lib-5.5.23-0jpp.9.el5_5.x86_64.rpm
tomcat5-servlet-2.4-api-5.5.23-0jpp.9.el5_5.x86_64.rpm
tomcat5-servlet-2.4-api-javadoc-5.5.23-0jpp.9.el5_5.x86_64.rpm
tomcat5-webapps-5.5.23-0jpp.9.el5_5.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://www.redhat.com/security/team/key/#package

7. References:

https://www.redhat.com/security/data/cve/CVE-2009-2693.html
https://www.redhat.com/security/data/cve/CVE-2009-2696.html
https://www.redhat.com/security/data/cve/CVE-2009-2902.html
https://www.redhat.com/security/data/cve/CVE-2010-2227.html
http://www.redhat.com/security/updates/classification/#important
http://tomcat.apache.org/security-5.html

8. Contact:

The Red Hat security contact is . More contact
details at https://www.redhat.com/security/team/contact/

Copyright 2010 Red Hat, Inc.