Amazon Linux 1 Security Advisory: ALAS-2013-196
Advisory Release Date: 2013-06-11 22:44 Pacific
Advisory Updated Date: 2014-09-15 23:08 Pacific
The (1) tomcat5, (2) tomcat6, and (3) tomcat7 init scripts, as used in the RPM distribution of Tomcat for JBoss Enterprise Web Server 1.0.2 and 2.0.0, and Red Hat Enterprise Linux 5 and 6, allow local users to change the ownership of arbitrary files via a symlink attack on (a) tomcat5-initd.log, (b) tomcat6-initd.log, (c) catalina.out, or (d) tomcat7-initd.log.
Affected Packages:
tomcat6
Issue Correction:
Run yum update tomcat6 to update your system.
noarch:
tomcat6-admin-webapps-6.0.37-1.1.amzn1.noarch
tomcat6-webapps-6.0.37-1.1.amzn1.noarch
tomcat6-el-2.1-api-6.0.37-1.1.amzn1.noarch
tomcat6-6.0.37-1.1.amzn1.noarch
tomcat6-lib-6.0.37-1.1.amzn1.noarch
tomcat6-servlet-2.5-api-6.0.37-1.1.amzn1.noarch
tomcat6-javadoc-6.0.37-1.1.amzn1.noarch
tomcat6-jsp-2.1-api-6.0.37-1.1.amzn1.noarch
tomcat6-docs-webapp-6.0.37-1.1.amzn1.noarch
src:
tomcat6-6.0.37-1.1.amzn1.src
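
An added example, not part of the original advisory: a POSIX shell check that compares an installed tomcat6 version-release against the fixed build listed above and reports any of the log files named in the description that are currently symbolic links. The log directory /var/log/tomcat6 and the --audit argument are assumptions, and sort -V only approximates RPM version ordering.

```shell
#!/bin/sh
# Added example: audit a host for the condition described in this advisory.
# Log file names and the fixed build come from the advisory text.

FIXED_EVR="6.0.37-1.1.amzn1"
LOG_NAMES="tomcat5-initd.log tomcat6-initd.log tomcat7-initd.log catalina.out"

# Return 0 if version-release $1 is at or above the fixed build.
# sort -V approximates RPM ordering; adequate for strings of this shape.
is_fixed() {
    lowest=$(printf '%s\n%s\n' "$1" "$FIXED_EVR" | sort -V | head -n 1)
    [ "$lowest" = "$FIXED_EVR" ]
}

# Print every advisory-named log in directory $1 that is a symbolic link,
# with its target. Returns 1 if any link was found, 0 if none.
find_symlinked_logs() {
    dir=$1
    found=0
    for name in $LOG_NAMES; do
        logpath="$dir/$name"
        if [ -L "$logpath" ]; then
            printf 'SYMLINK %s -> %s\n' "$logpath" "$(readlink "$logpath")"
            found=1
        fi
    done
    return "$found"
}

# Runs only when invoked as: script --audit [logdir]
if [ "${1:-}" = "--audit" ]; then
    logdir=${2:-/var/log/tomcat6}   # assumed log directory
    if installed=$(rpm -q --qf '%{VERSION}-%{RELEASE}' tomcat6 2>/dev/null); then
        if is_fixed "$installed"; then
            echo "tomcat6 $installed: at or above $FIXED_EVR"
        else
            echo "tomcat6 $installed: older than $FIXED_EVR, run yum update tomcat6"
        fi
    fi
    find_symlinked_logs "$logdir" || echo "review the links above before restarting tomcat6"
fi
```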