CLSA-2022-1655757814

See a problem?

Import Source

https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/ubuntu16.04els/CLSA-2022-1655757814.json

JSON Data

https://api.osv.dev/v1/vulns/CLSA-2022-1655757814

Upstream

CVE-2020-1938

CVE-2020-9484

CVE-2021-25329

Published

2022-06-20T20:43:34Z

Modified

2026-06-04T09:46:00.253726994Z

Summary

Fix CVE(s): CVE-2020-1938, CVE-2020-9484, CVE-2021-25329

Details

Fix build process:
- debian/keystores/.pem|.jks: update expiring certs and keystores
- debian/patches/0028-update-expiring-test-certs.patch: update expiring test certs
- debian/patches/0029-fix-path-to-valid-keystore.patch: fix path to valid keystore
- debian/patches/0030-use-tls12-in-tests.patch: use TLSv1.2 protocol instead of TLSv1 for several tests
SECURITY UPDATE: AJP Request Injection and potential Remote Code Execution
- debian/patches/CVE-2020-1938-1.patch: rename requiredSecret to secret and add secretRequired
- debian/patches/CVE-2020-1938-2.patch: refactor secret check
- debian/patches/CVE-2020-1938-3.patch: add new AJP attribute allowedArbitraryRequestAttributes
- debian/patches/CVE-2020-1938-4.patch: change the default bind address for AJP to the loopback address
- CVE-2020-1938
SECURITY UPDATE: Remote Code Execution via session persistence
- debian/patches/CVE-2020-9484.patch: improve validation of storage location when using FileStore
- CVE-2020-9484
SECURITY UPDATE: Fix for CVE-2020-9484 was incomplete
- debian/patches/CVE-2021-25329.patch: use consistent approach for sub-directory checking
- CVE-2021-25329

References

https://errata.cloudlinux.com/ubuntu16_04/CLSA-2022-1655757814

Affected packages

TuxCare:Ubuntu:16.04

libservlet3.0-java

Package

Name: libservlet3.0-java
Purl: pkg:deb/tuxcare/libservlet3.0-java?distro=ubuntu-16.04

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

7.0.68-1ubuntu0.4+tuxcare.els1

Database specific

source

"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/ubuntu16.04els/CLSA-2022-1655757814.json"

libservlet3.0-java-doc

Package

Name: libservlet3.0-java-doc
Purl: pkg:deb/tuxcare/libservlet3.0-java-doc?distro=ubuntu-16.04

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

7.0.68-1ubuntu0.4+tuxcare.els1

Database specific

source

"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/ubuntu16.04els/CLSA-2022-1655757814.json"

libtomcat7-java

Package

Name: libtomcat7-java
Purl: pkg:deb/tuxcare/libtomcat7-java?distro=ubuntu-16.04

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

7.0.68-1ubuntu0.4+tuxcare.els1

Database specific

source

"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/ubuntu16.04els/CLSA-2022-1655757814.json"

tomcat7

Package

Name: tomcat7
Purl: pkg:deb/tuxcare/tomcat7?distro=ubuntu-16.04

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

7.0.68-1ubuntu0.4+tuxcare.els1

Database specific

source

"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/ubuntu16.04els/CLSA-2022-1655757814.json"

tomcat7-admin

Package

Name: tomcat7-admin
Purl: pkg:deb/tuxcare/tomcat7-admin?distro=ubuntu-16.04

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

7.0.68-1ubuntu0.4+tuxcare.els1

Database specific

source

"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/ubuntu16.04els/CLSA-2022-1655757814.json"

tomcat7-common

Package

Name: tomcat7-common
Purl: pkg:deb/tuxcare/tomcat7-common?distro=ubuntu-16.04

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

7.0.68-1ubuntu0.4+tuxcare.els1

Database specific

source

"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/ubuntu16.04els/CLSA-2022-1655757814.json"

tomcat7-docs

Package

Name: tomcat7-docs
Purl: pkg:deb/tuxcare/tomcat7-docs?distro=ubuntu-16.04

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

7.0.68-1ubuntu0.4+tuxcare.els1

Database specific

source

"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/ubuntu16.04els/CLSA-2022-1655757814.json"

tomcat7-examples

Package

Name: tomcat7-examples
Purl: pkg:deb/tuxcare/tomcat7-examples?distro=ubuntu-16.04

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

7.0.68-1ubuntu0.4+tuxcare.els1

Database specific

source

"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/ubuntu16.04els/CLSA-2022-1655757814.json"

tomcat7-user

Package

Name: tomcat7-user
Purl: pkg:deb/tuxcare/tomcat7-user?distro=ubuntu-16.04

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

7.0.68-1ubuntu0.4+tuxcare.els1

Database specific

source

"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/ubuntu16.04els/CLSA-2022-1655757814.json"