ALAS-2015-525


Amazon Linux AMI Security Advisory: ALAS-2015-525
Advisory Release Date: 2015-05-14 23:50 Pacific
Severity: Medium

Issue Overview:

It was discovered that the ChunkedInputFilter in Tomcat did not fail subsequent attempts to read input after malformed chunked encoding was detected. A remote attacker could possibly use this flaw to make Tomcat process part of the request body as new request, or cause a denial of service.


Affected Packages:

tomcat6


Issue Correction:
Run yum update tomcat6 to update your system.

New Packages:
noarch:
    tomcat6-docs-webapp-6.0.43-1.2.amzn1.noarch
    tomcat6-admin-webapps-6.0.43-1.2.amzn1.noarch
    tomcat6-6.0.43-1.2.amzn1.noarch
    tomcat6-jsp-2.1-api-6.0.43-1.2.amzn1.noarch
    tomcat6-webapps-6.0.43-1.2.amzn1.noarch
    tomcat6-javadoc-6.0.43-1.2.amzn1.noarch
    tomcat6-lib-6.0.43-1.2.amzn1.noarch
    tomcat6-el-2.1-api-6.0.43-1.2.amzn1.noarch
    tomcat6-servlet-2.5-api-6.0.43-1.2.amzn1.noarch

src:
    tomcat6-6.0.43-1.2.amzn1.src