tomcat6: Fix user password information leak
The following security issues were fixed in tomcat:
- Fixed a tomcat user password information leak
(CVE-2011-2204)
- Fixed atomcat information leak and DoS (CVE-2011-2526)
Also one bug was fixed:
- fix bnc#702289 - suse manager pam ldap authentication
fails
* source CATALINA_HOME/bin/setenv.sh if exists
-
Submitted by
Adrian Schröter (adrianSuSE)
- Version 5002
Fixed bugs
bnc#706404
VUL-0: CVE-2011-2204: tomcat user password information leak
bnc#706382
VUL-0: CVE-2011-2526: tomcat information leak and DoS
bnc#702289
suse manager pam ldap authentication fails
CVE#CVE-2011-2204
Apache Tomcat 5.5.x before 5.5.34, 6.x before 6.0.33, and 7.x before 7.0.17, when the MemoryUserDatabase is used, creates log entries containing passwords upon encountering errors in JMX user creation, which allows local users to obtain sensitive informat
