https://bugzilla.redhat.com/show_bug.cgi?id=1103804
Bug ID: 1103804
Summary: CVE-2014-0095 Apache Tomcat 8: Denial of service via
AJP requests with content length zero
Product: Security Response
Component: vulnerability
Keywords: Security
Severity: medium
Priority: medium
Assignee: security-response-team(a)redhat.com
Reporter: aneelica(a)redhat.com
CC: aneelica(a)redhat.com, dknox(a)redhat.com,
ivan.afonichev(a)gmail.com,
java-sig-commits(a)lists.fedoraproject.org,
jdoyle(a)redhat.com, jkurik(a)redhat.com,
krzysztof.daniel(a)gmail.com, lgao(a)redhat.com,
pslavice(a)redhat.com, rsvoboda(a)redhat.com,
weli(a)redhat.com
A regression was introduced in revision 1519838 (released with Apache Tomcat
8.0.0-RC2) that caused AJP requests to hang if an explicit content length of
zero was set on the request. The hanging request consumed a request processing
thread which could lead to a denial of service.
Affects:
Apache Tomcat 8.0.0-RC2 to 8.0.3
References:
http://tomcat.apache.org/security-8.html
--
You are receiving this mail because:
You are on the CC list for the bug.
Unsubscribe from this bug https://bugzilla.redhat.com/token.cgi?t=VzK3kzgUi6&a=cc_unsubscribe
https://bugzilla.redhat.com/show_bug.cgi?id=1176981
Bug ID: 1176981
Summary: stapler-1.234 is available
Product: Fedora
Version: rawhide
Component: stapler
Keywords: FutureFeature, Triaged
Assignee: msrb(a)redhat.com
Reporter: upstream-release-monitoring(a)fedoraproject.org
QA Contact: extras-qa(a)fedoraproject.org
CC: java-sig-commits(a)lists.fedoraproject.org,
mizdebsk(a)redhat.com, msrb(a)redhat.com
Latest upstream release: 1.234
Current version/release in Fedora Rawhide: 1.233-1.fc22
URL: https://github.com/stapler/stapler/tags
Please consult the package updates policy before you issue an update to a
stable branch: https://fedoraproject.org/wiki/Updates_Policy
More information about the service that created this bug can be found at:
https://fedoraproject.org/wiki/Upstream_release_monitoring
Soon this service will be implemented by a new system: https://release-monitoring.org/
It will require managing monitored projects via a new web interface. Please
make yourself familiar with the new system to ease the transition.
https://bugzilla.redhat.com/show_bug.cgi?id=1176900
Bug ID: 1176900
Summary: jenkins-remoting-2.49 is available
Product: Fedora
Version: rawhide
Component: jenkins-remoting
Keywords: FutureFeature, Triaged
Assignee: msrb(a)redhat.com
Reporter: upstream-release-monitoring(a)fedoraproject.org
QA Contact: extras-qa(a)fedoraproject.org
CC: java-sig-commits(a)lists.fedoraproject.org,
mizdebsk(a)redhat.com, msrb(a)redhat.com
Latest upstream release: 2.49
Current version/release in Fedora Rawhide: 2.48-1.fc22
URL: https://github.com/jenkinsci/remoting/tags
Please consult the package updates policy before you issue an update to a
stable branch: https://fedoraproject.org/wiki/Updates_Policy
More information about the service that created this bug can be found at:
https://fedoraproject.org/wiki/Upstream_release_monitoring
Soon this service will be implemented by a new system: https://release-monitoring.org/
It will require managing monitored projects via a new web interface. Please
make yourself familiar with the new system to ease the transition.
https://bugzilla.redhat.com/show_bug.cgi?id=1187898
Bug ID: 1187898
Summary: maven-enforcer-1.4 is available
Product: Fedora
Version: rawhide
Component: maven-enforcer
Keywords: FutureFeature, Triaged
Assignee: msimacek(a)redhat.com
Reporter: upstream-release-monitoring(a)fedoraproject.org
QA Contact: extras-qa(a)fedoraproject.org
CC: java-sig-commits(a)lists.fedoraproject.org,
jcapik(a)redhat.com, mizdebsk(a)redhat.com,
msimacek(a)redhat.com
Latest upstream release: 1.4
Current version/release in Fedora Rawhide: 1.3.1-4.fc22
URL: http://repo1.maven.org/maven2/org/apache/maven/enforcer/enforcer/
Please consult the package updates policy before you issue an update to a
stable branch: https://fedoraproject.org/wiki/Updates_Policy
More information about the service that created this bug can be found at:
https://fedoraproject.org/wiki/Upstream_release_monitoring
Soon this service will be implemented by a new system: https://release-monitoring.org/
It will require managing monitored projects via a new web interface. Please
make yourself familiar with the new system to ease the transition.
https://bugzilla.redhat.com/show_bug.cgi?id=1187710
Bug ID: 1187710
Summary: please make gpars independent of netty3 subversion,
or keep in sync with latest netty
Product: Fedora
Version: rawhide
Component: gpars
Assignee: mizdebsk(a)redhat.com
Reporter: jvanek(a)redhat.com
QA Contact: extras-qa(a)fedoraproject.org
CC: java-sig-commits(a)lists.fedoraproject.org,
mizdebsk(a)redhat.com, msimacek(a)redhat.com,
msrb(a)redhat.com, puntogil(a)libero.it
If netty3 is about to be updated, this component must follow. It had a hardcoded
netty3 version.
https://bugzilla.redhat.com/show_bug.cgi?id=1181822
Bug ID: 1181822
Summary: Jenkins does not start - libjnidispatch.so might have
disabled stack guard
Product: Fedora
Version: 21
Component: jenkins
Assignee: msrb(a)redhat.com
Reporter: rolf.offermanns(a)gmx.net
QA Contact: extras-qa(a)fedoraproject.org
CC: java-sig-commits(a)lists.fedoraproject.org,
msrb(a)redhat.com
Description of problem:
systemctl start jenkins.service does not work. journalctl -xe shows:
jenkins[6639]: Starting Jenkins OpenJDK Server VM warning: You have loaded library /usr/lib64/jna/libjnidispatch.so which might have disabled stack guard. The VM will try to fix the stack guard now.
jenkins[6639]: It's highly recommended that you fix the library with 'execstack -c <libfile>', or link it with '-z noexecstack'.
jenkins[6639]: Exception in thread "main" java.lang.reflect.InvocationTargetException
jenkins[6639]: at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
jenkins[6639]: at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
jenkins[6639]: at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
jenkins[6639]: at java.lang.reflect.Method.invoke(Method.java:483)
jenkins[6639]: at Main._main(Main.java:146)
jenkins[6639]: at Main.main(Main.java:104)
jenkins[6639]: Caused by: java.lang.ExceptionInInitializerError
jenkins[6639]: at com.sun.akuma.CLibrary.<clinit>(CLibrary.java:89)
jenkins[6639]: at com.sun.akuma.JavaVMArguments.resolvePID(JavaVMArguments.java:126)
jenkins[6639]: at com.sun.akuma.JavaVMArguments.ofLinux(JavaVMArguments.java:114)
jenkins[6639]: at com.sun.akuma.JavaVMArguments.of(JavaVMArguments.java:104)
jenkins[6639]: at com.sun.akuma.JavaVMArguments.current(JavaVMArguments.java:92)
jenkins[6639]: at com.sun.akuma.Daemon.daemonize(Daemon.java:106)
jenkins[6639]: at com.sun.akuma.Daemon.all(Daemon.java:88)
jenkins[6639]: ... 6 more
jenkins[6639]: Caused by: java.lang.RuntimeException: java.lang.UnsatisfiedLinkError: Can't load library: /usr/lib/jna/libjnidispatch.so
jenkins[6639]: at com.sun.jna.Native.loadNativeDispatchLibrary(Native.java:668)
jenkins[6639]: at com.sun.jna.Native.<clinit>(Native.java:131)
jenkins[6639]: ... 13 more
jenkins[6639]: Caused by: java.lang.UnsatisfiedLinkError: Can't load library: /usr/lib/jna/libjnidispatch.so
jenkins[6639]: at java.lang.ClassLoader.loadLibrary(ClassLoader.java:1817)
jenkins[6639]: at java.lang.Runtime.load0(Runtime.java:809)
jenkins[6639]: at java.lang.System.load(System.java:1083)
jenkins[6639]: at com.sun.jna.Native.loadNativeDispatchLibrary(Native.java:662)
jenkins[6639]: ... 14 more
runuser[6662]: pam_unix(runuser:session): session closed for user jenkins
jenkins[6639]: [FAILED]
systemd[1]: jenkins.service: control process exited, code=exited status=1
systemd[1]: Failed to start Jenkins continuous build server.
Version-Release number of selected component (if applicable):
jenkins-1.590-1.fc21.noarch
java-1.8.0-openjdk-1.8.0.25-5.b18.fc21.x86_64