Ubuntu Security Notice USN-976-1 August 25, 2010
tomcat6 vulnerability
CVE-2010-2227
===========================================================
A security issue affects the following Ubuntu releases:
Ubuntu 9.04
Ubuntu 9.10
Ubuntu 10.04 LTS
This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.
The problem can be corrected by upgrading your system to the
following package versions:
Ubuntu 9.04:
libtomcat6-java 6.0.18-0ubuntu6.3
Ubuntu 9.10:
libtomcat6-java 6.0.20-2ubuntu2.2
Ubuntu 10.04 LTS:
libtomcat6-java 6.0.24-2ubuntu1.3
In general, a standard system update will make all the necessary changes.
Details follow:
It was discovered that Tomcat incorrectly handled invalid Transfer-Encoding
headers. A remote attacker could send specially crafted requests containing
invalid headers to the server and cause a denial of service, or possibly
obtain sensitive information from other requests.