DSA-4118 tomcat-native - security update
|
Información sobre el sistema
|
| |
|
|
Software afectado |
Debian |
Descripción
|
Jonas Klempel reported that tomcat-native, a library giving Tomcataccess to the Apache Portable Runtime (APR) librarys network connection(socket) implementation and random-number generator, does not properlyhandle fields longer than 127 bytes when parsing the AIA-Extension fieldof a client certificate. If OCSP checks are used, this could result inclient certificates that should have been rejected to be accepted.
More info:
https://www.debian.org/security/2018/dsa-4118 |
Identificadores estándar
|
|
Propiedad |
Valor |
|
CVE |
CVE-2017-15698 and DSA-4118. |
