Bugzilla – Bug 865746
VUL-0: CVE-2013-4322: tomcat: incomplete fix for CVE-2012-3544
Last modified: 2014-08-13 17:04:38 UTC
CVE-2013-4322 The fix for CVE-2012-3544 was not complete. It did not cover the following cases:

a) Chunk extensions were not limited
b) Whitespace after the : in a trailing header was not limited

This has been corrected in upstream versions 8.0.0-rc10 [1],[2], 7.0.50 [3],[4], and 6.0.39 [5]

[1] http://svn.apache.org/viewvc?view=revision&revision=1521834
[2] http://svn.apache.org/viewvc?view=revision&revision=1549522
[3] http://svn.apache.org/viewvc?view=revision&revision=1521864
[4] http://svn.apache.org/viewvc?view=revision&revision=1549523
[5] http://svn.apache.org/viewvc?view=revision&revision=1556540
[6] https://bugzilla.redhat.com/show_bug.cgi?id=1069905
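The two gaps the report lists, an unbounded chunk extension and unbounded whitespace after the colon in a trailing header, are easiest to see in a chunked-body decoder that caps both and refuses the request when a cap is exceeded. The following is an added example written for this page, not Tomcat's own code; the cap values, the constructed sample body and all names are assumptions.

```python
MAX_EXTENSION_SIZE = 8192  # assumed cap on chunk-extension bytes per body
MAX_TRAILER_WS = 1024      # assumed cap on whitespace after ':' in a trailer

# Constructed sample body: two chunks, one chunk extension, one trailer.
SAMPLE = b"5;name=v\r\nhello\r\n6\r\n world\r\n0\r\nX-Check: ok\r\n\r\n"

class ChunkedLimitExceeded(ValueError):
    """Raised when a client-controlled field exceeds its configured cap."""

def decode_chunked(raw: bytes):
    """Decode a chunked HTTP body; return (payload, trailers)."""
    pos, out, ext_total = 0, bytearray(), 0
    while True:
        eol = raw.index(b"\r\n", pos)          # chunk-size line
        size_str, sep, ext = raw[pos:eol].partition(b";")
        pos = eol + 2
        if sep:  # count ';' plus extension bytes against the cap
            ext_total += len(ext) + 1
            if ext_total > MAX_EXTENSION_SIZE:
                raise ChunkedLimitExceeded("chunk extensions exceed cap")
        size = int(size_str.strip(), 16)
        if size == 0:
            break                              # last chunk; trailers follow
        out += raw[pos:pos + size]
        pos += size
        if raw[pos:pos + 2] != b"\r\n":
            raise ValueError("missing CRLF after chunk data")
        pos += 2
    trailers = {}
    while True:
        eol = raw.index(b"\r\n", pos)
        line = raw[pos:eol]
        pos = eol + 2
        if not line:                           # empty line ends the trailers
            break
        name, sep, value = line.partition(b":")
        if not sep:
            raise ValueError("malformed trailer line")
        ws = len(value) - len(value.lstrip(b" \t"))
        if ws > MAX_TRAILER_WS:                # bound whitespace after ':'
            raise ChunkedLimitExceeded("trailer whitespace exceeds cap")
        trailers[name.strip().lower().decode()] = value.strip().decode()
    return bytes(out), trailers

def is_rejected(raw: bytes) -> bool:
    try:                                       # True when a cap is exceeded
        decode_chunked(raw)
    except ChunkedLimitExceeded:
        return True
    return False
```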
bugbot adjusting priority
SR Number: 10889002334
Bug Number: 865746
Issue Type: [-700] Security Vulnerability
Severity: [-100] Normal
Entitlement Type: [-50] Standard
Workaround: [-20] No
Environment: [-20] Production
Frequency: [-65] Continuously
# of Users Affected: [-75] 1000+
Potential Users: 0
DSLA Required: true
NTS Defect Priority: 300
Weird, there seems to be a different CVE assigned for this incomplete fix: https://bugzilla.redhat.com/show_bug.cgi?id=1072776
Affected packages: SLE-11-SP3: tomcat6
An update workflow for this issue was started. This issue was rated as moderate. Please submit fixed packages until 2014-06-16. When done, reassign the bug to security-team@suse.de. https://swamp.suse.de/webswamp/wf/57626
I submitted from home:dmacvicar:branches:SUSE:SLE-11:Update and the package seems to be fine there. It can't refer to 6.0.18, if the point of the SR is to upgrade it to 6.0.41
I'm not seeing a fix released for SLES11 SP3 yet. If I'm mistaken, can someone please point me to the link? Currently all I see on this is something released for SLES10: http://download.novell.com/Download?buildid=yuOvruxpOvI~ and then similar for a search on the CVEs in comment 26 (except for CVE-2014-0119).
It is still in QA. We are facing some interoperability problems with OES novell-tomcat that first also needs to be resolved. Current release target is around end of next week.
released
SUSE-SU-2014:1015-1: An update that solves 5 vulnerabilities and has one errata is now available.

Category: security (moderate)
Bug References: 844689,865746,880346,880347,880348,881700
CVE References: CVE-2012-3544,CVE-2013-4322,CVE-2014-0096,CVE-2014-0099,CVE-2014-0119
Sources used:
SUSE Linux Enterprise Server 11 SP3 for VMware (src): libtcnative-1-0-1.3.3-12.2.1, tomcat6-6.0.41-0.43.1
SUSE Linux Enterprise Server 11 SP3 (src): libtcnative-1-0-1.3.3-12.2.1, tomcat6-6.0.41-0.43.1