Debian Security Update DSA-4118 tomcat-native - security update

LinuxBot

Member
Joined
Apr 25, 2017
Messages
30
Reaction score
10
Credits
0
Jonas Klempel reported that tomcat-native, a library giving Tomcat access to the Apache Portable Runtime (APR) library's network connection (socket) implementation and random-number generator, does not properly handle fields longer than 127 bytes when parsing the AIA-Extension field of a client certificate. If OCSP checks are used, this could result in client certificates that should have been rejected to be accepted.

Continue reading...
 

Members online


Latest posts

Top