CLSA-2024-1724260496

See a problem?

Import Source

https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/ubuntu16.04els/CLSA-2024-1724260496.json

JSON Data

https://api.osv.dev/v1/vulns/CLSA-2024-1724260496

Upstream

CVE-2020-9484

CVE-2021-25329

CVE-2022-23181

Published

2024-08-21T17:14:59Z

Modified

2026-06-04T09:46:46.353935323Z

Summary

Fix CVE(s): CVE-2020-9484, CVE-2021-25329, CVE-2022-23181

Details

SECURITY UPDATE: still vulnerable to CVE-2020-9484 with a configuration edge case
- debian/patches/CVE-2021-25329.patch: use java.nio.file.Path for consistent sub-directory checking
- CVE-2021-25329
SECURITY UPDATE: time-of-check to time-of-use vulnerability introduced by the CVE-2020-9484 fix
- debian/patches/CVE-2022-23181.patch: make calculation of session storage location more robust
- CVE-2022-23181
Internal tests:
- debian/rules: fail the build if some of the tests have failed
- debian/patches/skipping-tests-incompatible-with-firewall.patch: backport from ubuntu18 els
- debian/patches/dont-test-unsupported-ciphers.patch: skip testing of unsupported ciphers
- debian/patches/skip-tests-error-and-unstable.patch: skip tests that fail with error and unstable ones

References

https://errata.cloudlinux.com/ubuntu16-els/CLSA-2024-1724260496.html

Affected packages

TuxCare:Ubuntu:16.04

libservlet3.1-java

Package

Name: libservlet3.1-java
Purl: pkg:deb/tuxcare/libservlet3.1-java?distro=ubuntu-16.04

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

8.0.32-1ubuntu1.13+tuxcare.els1

Database specific

source

"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/ubuntu16.04els/CLSA-2024-1724260496.json"

libservlet3.1-java-doc

Package

Name: libservlet3.1-java-doc
Purl: pkg:deb/tuxcare/libservlet3.1-java-doc?distro=ubuntu-16.04

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

8.0.32-1ubuntu1.13+tuxcare.els1

Database specific

source

"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/ubuntu16.04els/CLSA-2024-1724260496.json"

libtomcat8-java

Package

Name: libtomcat8-java
Purl: pkg:deb/tuxcare/libtomcat8-java?distro=ubuntu-16.04

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

8.0.32-1ubuntu1.13+tuxcare.els1

Database specific

source

"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/ubuntu16.04els/CLSA-2024-1724260496.json"

tomcat8

Package

Name: tomcat8
Purl: pkg:deb/tuxcare/tomcat8?distro=ubuntu-16.04

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

8.0.32-1ubuntu1.13+tuxcare.els1

Database specific

source

"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/ubuntu16.04els/CLSA-2024-1724260496.json"

tomcat8-admin

Package

Name: tomcat8-admin
Purl: pkg:deb/tuxcare/tomcat8-admin?distro=ubuntu-16.04

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

8.0.32-1ubuntu1.13+tuxcare.els1

Database specific

source

"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/ubuntu16.04els/CLSA-2024-1724260496.json"

tomcat8-common

Package

Name: tomcat8-common
Purl: pkg:deb/tuxcare/tomcat8-common?distro=ubuntu-16.04

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

8.0.32-1ubuntu1.13+tuxcare.els1

Database specific

source

"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/ubuntu16.04els/CLSA-2024-1724260496.json"

tomcat8-docs

Package

Name: tomcat8-docs
Purl: pkg:deb/tuxcare/tomcat8-docs?distro=ubuntu-16.04

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

8.0.32-1ubuntu1.13+tuxcare.els1

Database specific

source

"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/ubuntu16.04els/CLSA-2024-1724260496.json"

tomcat8-examples

Package

Name: tomcat8-examples
Purl: pkg:deb/tuxcare/tomcat8-examples?distro=ubuntu-16.04

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

8.0.32-1ubuntu1.13+tuxcare.els1

Database specific

source

"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/ubuntu16.04els/CLSA-2024-1724260496.json"

tomcat8-user

Package

Name: tomcat8-user
Purl: pkg:deb/tuxcare/tomcat8-user?distro=ubuntu-16.04

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

8.0.32-1ubuntu1.13+tuxcare.els1

Database specific

source

"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/ubuntu16.04els/CLSA-2024-1724260496.json"