Red Hat announced two new security updates this afternoon: RHSA-2007:0327 and RHSA-2007:0065.
RHSA-2007:0327 Important: tomcat security update
This security update addresses several vulnerabilities in the tomcat package for Red Hat Enterprise Linux 5. A list of vulnerabilities is included below. The Red Hat Security Response Team has rated this update as having important security impact. More details can be found on the Red Hat Network.
| CVE | Description |
| --- | --- |
| CVE-2005-2090 | Because Tomcat accepts multiple content-length headers, an attacker could poison a web-cache, bypass web application firewall protection, or conduct XSS attacks. |
| CVE-2007-0450 | An attacker could construct an HTTP request to work around the context restriction and potentially access non-proxied content. |
| CVE-2006-7195 | An attacker could use the default JSP examples to perform XSS attacks. |
RHSA-2007:0065 Moderate: bluez-utils security update
This security update addresses a vulnerability in the bluez-utils package for Red Hat Enterprise Linux 4. A remote attacker can inject keyboard and mouse movements via Bluetooth without any authorization (CVE-2006-6899). The Red Hat Security Response Team has rated this update as having moderate security impact. More details can be found on the Red Hat Network.
