[tomcat7] 01/02: Fixed CVE-2016-9774: Privilege escalation when the package is upgraded
Emmanuel Bourg
ebourg-guest at moszumanska.debian.org
Mon Dec 5 09:23:16 UTC 2016
This is an automated email from the git hooks/post-receive script.
ebourg-guest pushed a commit to branch jessie
in repository tomcat7.
commit d949d2d983a0fdbf5c49d78473a874a34e1cef7d
Author: Emmanuel Bourg <ebourg at apache.org>
Date: Mon Dec 5 10:14:38 2016 +0100
Fixed CVE-2016-9774: Privilege escalation when the package is upgraded
---
debian/changelog | 2 ++
debian/rules | 6 ++++++
debian/tomcat7.postinst | 2 +-
3 files changed, 9 insertions(+), 1 deletion(-)
diff --git a/debian/changelog b/debian/changelog
index 9fcd08e..3f55ca0 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,5 +1,7 @@
tomcat7 (7.0.56-3+deb8u6) UNRELEASED; urgency=medium
+ * Fixed CVE-2016-9774: Potential privilege escalation when the tomcat7
+ package is upgraded. Thanks to Paul Szabo for the report (see #845393)
* Backported a fix for a test failure in Test*NonLoginAndBasicAuthenticator
with recent JREs
* Refreshed the expired SSL certificates used by the tests
diff --git a/debian/rules b/debian/rules
index c22c855..8ca85b4 100755
--- a/debian/rules
+++ b/debian/rules
@@ -197,6 +197,12 @@ binary-indep: build install
jh_manifest
dh_compress
dh_fixperms
+
+ # Make the /etc/tomcat7/Catalina/localhost directory writable by the tomcat user
+ for PACKAGE in tomcat7 tomcat7-admin tomcat7-docs tomcat7-examples; do \
+ chmod 775 --verbose debian/$$PACKAGE/etc/tomcat7/Catalina/localhost; \
+ done
+
dh_installdeb
dh_gencontrol
dh_md5sums
diff --git a/debian/tomcat7.postinst b/debian/tomcat7.postinst
index bedfba9..a8919dd 100644
--- a/debian/tomcat7.postinst
+++ b/debian/tomcat7.postinst
@@ -69,7 +69,7 @@ case "$1" in
chown -Rh $TOMCAT7_USER:$TOMCAT7_GROUP /var/lib/tomcat7/webapps /var/lib/tomcat7/common /var/lib/tomcat7/server /var/lib/tomcat7/shared
chmod 775 /var/lib/tomcat7/webapps
- chmod 775 /etc/tomcat7/Catalina /etc/tomcat7/Catalina/localhost
+ chmod 775 /etc/tomcat7/Catalina
# Authorize user tomcat7 to open privileged ports via authbind.
TOMCAT_UID="`id -u $TOMCAT7_USER`"
--
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/pkg-java/tomcat7.git
More information about the pkg-java-commits
mailing list