[Git][java-team/tomcat9][bullseye] 3 commits: Fix CVE-2021-42340:
Markus Koschany (@apo)
gitlab at salsa.debian.org
Fri Nov 12 11:09:29 GMT 2021
Markus Koschany pushed to branch bullseye at Debian Java Maintainers / tomcat9
Commits:
44092bc7 by Markus Koschany at 2021-11-12T10:43:28+01:00
Fix CVE-2021-42340:
A memory leak flaw was found in Apache Tomcat, where an HTTP upgrade connection
does not release for WebSocket connections once the WebSocket connection is
closed. If a sufficient number of such requests are made, an OutOfMemoryError
occurs, leading to a denial of service.
- - - - -
8778922a by Markus Koschany at 2021-11-12T10:47:36+01:00
Update changelog
- - - - -
e56d467a by Markus Koschany at 2021-11-12T11:11:33+01:00
Update patch header
- - - - -
3 changed files:
- debian/changelog
- + debian/patches/CVE-2021-42340.patch
- debian/patches/series
Changes:
=====================================
debian/changelog
=====================================
@@ -1,3 +1,14 @@
+tomcat9 (9.0.43-2~deb11u3) bullseye-security; urgency=high
+
+ * Team upload.
+ * Fix CVE-2021-42340:
+ Apache Tomcat did not properly release an HTTP upgrade connection for
+ WebSocket connections once the WebSocket connection was closed. This
+ created a memory leak that, over time, could lead to a denial of service
+ via an OutOfMemoryError.
+
+ -- Markus Koschany <apo at debian.org> Fri, 12 Nov 2021 10:45:54 +0100
+
tomcat9 (9.0.43-2~deb11u2) bullseye-security; urgency=high
* Team upload.
=====================================
debian/patches/CVE-2021-42340.patch
=====================================
@@ -0,0 +1,31 @@
+From: Markus Koschany <apo at debian.org>
+Date: Fri, 12 Nov 2021 10:42:54 +0100
+Subject: CVE-2021-42340
+
+Origin: https://github.com/apache/tomcat/commit/80f1438ec45e77a07b96419808971838d259eb47
+---
+ java/org/apache/tomcat/websocket/server/WsHttpUpgradeHandler.java | 3 +++
+ 1 file changed, 3 insertions(+)
+
+diff --git a/java/org/apache/tomcat/websocket/server/WsHttpUpgradeHandler.java b/java/org/apache/tomcat/websocket/server/WsHttpUpgradeHandler.java
+index 414f9bc..1b4a5bb 100644
+--- a/java/org/apache/tomcat/websocket/server/WsHttpUpgradeHandler.java
++++ b/java/org/apache/tomcat/websocket/server/WsHttpUpgradeHandler.java
+@@ -101,6 +101,7 @@ public class WsHttpUpgradeHandler implements InternalHttpUpgradeHandler {
+
+ @Override
+ public void init(WebConnection connection) {
++ this.connection = connection;
+ if (ep == null) {
+ throw new IllegalStateException(
+ sm.getString("wsHttpUpgradeHandler.noPreInit"));
+@@ -212,7 +213,9 @@ public class WsHttpUpgradeHandler implements InternalHttpUpgradeHandler {
+
+ @Override
+ public void destroy() {
++ WebConnection connection = this.connection;
+ if (connection != null) {
++ this.connection = null;
+ try {
+ connection.close();
+ } catch (Exception e) {
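Review bot: the read-copy-then-null sequence added to destroy() (`WebConnection connection = this.connection;` followed by `this.connection = null;` inside the null check) is not atomic, so if destroy() can be entered from two threads both may observe a non-null reference and call close() twice; the existing try/catch around connection.close() makes a double close harmless, but a one-line comment saying the local copy is there to tolerate a repeated or concurrent destroy() would save future maintainers from "simplifying" it back. The init() change stores the reference before the `ep == null` check, so a handler that fails pre-init still holds a WebConnection until destroy() runs, which is consistent with upstream but worth a note in the header. In the DEP-3 header, the Origin field names the upstream commit but omits the category keyword (`Origin: backport, https://github.com/apache/tomcat/commit/80f1438ec45e77a07b96419808971838d259eb47`), the Subject line carries only the CVE id rather than a one-line description, and a Bug or Bug-Debian field should be added if a tracking bug exists.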
=====================================
debian/patches/series
=====================================
@@ -14,3 +14,4 @@
CVE-2021-30640.patch
CVE-2021-33037.patch
CVE-2021-41079.patch
+CVE-2021-42340.patch
View it on GitLab: https://salsa.debian.org/java-team/tomcat9/-/compare/cf7b34d3c518fa556be825437479bfeba86a0b68...e56d467a6bc219800412e4dadfb556d3f64cc43b