Page 2 of 2 FirstFirst 12
Results 11 to 12 of 12

Thread: Server 12.04: Any hope for CVE-2013-2067 patch soon?

  1. December 18th, 2013 #11
    CharlesA's Avatar
    CharlesA
    CharlesA is offline What are you planning?
    Join Date
    Oct 2009
    Beans
    Hidden!
    Distro
    Ubuntu 22.04 Jammy Jellyfish

    Re: Server 12.04: Any hope for CVE-2013-2067 patch soon?

    Check here:
    https://security-tracker.debian.org/.../CVE-2013-2067

    (You'll get an invalid ssl cert message for some reason)

    Debian hasn't fixed the flaw in Tomcat 7 in Wheezy, but it is Fixed in Jessie and Sid.
    Tomcat 6 is fine, too.

    Personally, I would just download it and compile it from source (http://tomcat.apache.org/download-70.cgi) if it was that big of a problem.

    Note: This might cause issues down the line as far as staying up-to-date.
    Last edited by CharlesA; December 18th, 2013 at 01:51 AM.
    Come to #ubuntuforums! We have cookies! | Basic Ubuntu Security Guide

    Tomorrow's an illusion and yesterday's a dream, today is a solution...
    Advanced reply Adv Reply  
  2. December 18th, 2013 #12
    bashiergui's Avatar
    bashiergui
    bashiergui is offline Grande Half-n-Half Cinnamon Ubuntu
    Join Date
    Nov 2013
    Location
    On the edge
    Beans
    872
    Distro
    Ubuntu

    Re: Server 12.04: Any hope for CVE-2013-2067 patch soon?

    So that could be the temporary stop-gap. Dowload the tar ball and install the latest tomcat version. Then when ubuntu has updated the version in the repos revert back to that one.

    Do you have a waf or any other compensating controls that would mitigat exploitation of this vulnerability? That might make the auditors happy.
    Advanced reply Adv Reply  
Page 2 of 2 FirstFirst 12
« Previous Thread | Next Thread »

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  

Ubuntu Forums Code of Conduct