[tomcat8] 01/02: Fixed CVE-2016-1240: Local Root Privilege Escalation
Emmanuel Bourg
ebourg-guest at moszumanska.debian.org
Thu Sep 15 18:52:10 UTC 2016
This is an automated email from the git hooks/post-receive script.
ebourg-guest pushed a commit to branch master
in repository tomcat8.
commit ed788f784c8cba28253f5be4453cc0fb6b284cdb
Author: Emmanuel Bourg <ebourg at apache.org>
Date: Wed Sep 14 10:19:59 2016 +0200
Fixed CVE-2016-1240: Local Root Privilege Escalation
---
debian/changelog | 8 +++++++-
debian/tomcat8.init | 6 ++++--
2 files changed, 11 insertions(+), 3 deletions(-)
diff --git a/debian/changelog b/debian/changelog
index 3e0d79c..151fe54 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,6 +1,12 @@
-tomcat8 (8.0.36-3) UNRELEASED; urgency=medium
+tomcat8 (8.0.36-3) UNRELEASED; urgency=high
* Team upload.
+ * Fixed CVE-2016-1240: A flaw in the init.d startup script allows local
+ attackers who have gained access to the server in the context of the
+ tomcat user through a vulnerability in a web application to replace
+ the catalina.out file with a symlink to an arbitrary file on the system,
+ potentially leading to a root privilege escalation.
+ Thanks to Dawid Golunski for the report.
* Removed the default 128M heap limit (LP: #568823)
* Depend on taglibs-standard instead of jakarta-taglibs-standard
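Review bot: the changelog entry describes the symlink problem but not the user-visible side effect of the fix in debian/tomcat8.init, which now creates catalina.out with group adm and mode 644 via `install -o $TOMCAT8_USER -g adm -m 644` instead of only chowning it to the tomcat user. Since that changes who can read the log on existing installs, a short line such as "catalina.out is now created with group adm and mode 0644" would help administrators who grep the changelog for permission changes.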
diff --git a/debian/tomcat8.init b/debian/tomcat8.init
index a14e191..0cffa37 100644
--- a/debian/tomcat8.init
+++ b/debian/tomcat8.init
@@ -169,8 +169,10 @@ catalina_sh() {
# Run the catalina.sh script as a daemon
set +e
- touch "$CATALINA_PID" "$CATALINA_BASE"/logs/catalina.out
- chown $TOMCAT8_USER "$CATALINA_PID" "$CATALINA_BASE"/logs/catalina.out
+ if [ ! -f "$CATALINA_BASE"/logs/catalina.out ]; then
+ install -o $TOMCAT8_USER -g adm -m 644 /dev/null "$CATALINA_BASE"/logs/catalina.out
+ fi
+ install -o $TOMCAT8_USER -g adm -m 644 /dev/null "$CATALINA_PID"
start-stop-daemon --start -b -u "$TOMCAT8_USER" -g "$TOMCAT8_GROUP" \
-c "$TOMCAT8_USER" -d "$CATALINA_TMPDIR" -p "$CATALINA_PID" \
-x /bin/bash -- -c "$AUTHBIND_COMMAND $TOMCAT_SH"
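Review bot: the unconditional `install -o $TOMCAT8_USER -g adm -m 644 /dev/null "$CATALINA_PID"` truncates the PID file immediately before `start-stop-daemon --start ... -p "$CATALINA_PID"` reads it, so if catalina_sh can be reached while an instance is already running, start-stop-daemon can no longer detect it through the pidfile (the old `touch` left the contents intact); guarding it with the same `[ ! -f ... ]` test used for catalina.out, or confirming that a status check earlier in the script makes this unreachable, would be safer. On the catalina.out branch, note that `[ ! -f ]` follows symlinks: a link to an existing file is simply left alone (fine, since nothing is chowned any more), while a dangling link passes the test and `install` runs, which is only safe because GNU install unlinks the destination before writing rather than following it; a one-line comment stating that assumption would keep a future refactor from swapping it back to `touch`/`chown`. Minor: quote `"$TOMCAT8_USER"` in the `-o` arguments as the rest of the script does.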
--
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/pkg-java/tomcat8.git