Issued:
2008-12-08
Updated:
2008-12-08

RHSA-2008:1007 - Low: tomcat security update for Red Hat Network Satellite Server

Synopsis

Low: tomcat security update for Red Hat Network Satellite Server

Type/Severity

Security Advisory Low

Topic

Updated tomcat packages that fix multiple security issues are now available for Red Hat Network Satellite Server.

This update has been rated as having low security impact by the Red Hat Security Response Team.

Description

This update corrects several security vulnerabilities in the Tomcat component shipped as part of Red Hat Network Satellite Server. In a typical operating environment, Tomcat is not exposed to users of Satellite Server in a vulnerable manner. These security updates will reduce risk in unique Satellite Server environments.

Multiple flaws were fixed in the Apache Tomcat package. (CVE-2008-1232, CVE-2008-1947, CVE-2008-2370, CVE-2008-2938, CVE-2008-3271)

Users of Red Hat Network Satellite Server 5.0 or 5.1 are advised to update to these Tomcat packages which resolve these issues.

Solution

This update is available via Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at This content is not included.http://www.redhat.com/docs/manuals/satellite/Red_Hat_Network_Satellite-5.0.0/html/Installation_Guide/s1-maintenance-update.html

Affected Products

ProductVersionArch
Red Hat Network Satellite 5.1 (for RHEL Server)5.1x86_64
Red Hat Network Satellite 5.1 (for RHEL Server)5.1i386
Red Hat Network Satellite 5.1 (for RHEL Mainframe)5.1s390x
Red Hat Network Satellite 5.1 (for RHEL Mainframe)5.1s390
Red Hat Network Satellite 4.2,5.0 (for RHEL Server)5.0i386

Updated Packages

  • tomcat5-5.0.30-0jpp_12rh.noarch.rpm

Fixes

CVEs

References

Additional information