- Issued: 2012-06-20
- Updated: 2012-06-20
RHBA-2012:0945 - tomcat6 bug fix and enhancement update
Synopsis
tomcat6 bug fix and enhancement update
Type/Severity
Bug Fix Advisory
Topic
Updated tomcat6 packages that fix several bugs and provide an enhancement are now available for Red Hat Enterprise Linux 6.
Description
Apache Tomcat is a servlet container for the Java Servlet and JavaServer Pages (JSP) technologies.
These updated tomcat6 packages provide fixes for the following bugs:
- Previously, in certain cases, if "LANG=fr_FR" or "LANG=fr_FR.UTF-8" was set as an environment variable or in "/etc/sysconfig/tomcat6" on 64-bit PowerPC systems, Tomcat may have failed to start correctly. With this update, Tomcat works as expected when LANG is set to "fr_FR" or "fr_FR.UTF-8". (BZ#697968)
- The "/usr/sbin/tomcat6" wrapper script used a hard-coded path to the "catalina.out" file, which could have caused problems (such as logging init script output) if Tomcat was being run with a user other than "tomcat" and with CATALINA_BASE set to a directory other than the default. With this update, the wrapper script redirects output to ${CATALINA_BASE}/logs/catalina.out for all "start", "start-security", and "stop" actions. (BZ#701759)
- Using the URL class coupled with the setChunkedStreamingMode() function caused a null pointer exception error and HTTP response status code 405 was returned. A patch has been applied which adds a check for form data before processing. If the requested body length is zero, a null is returned without further processing. As a result, the error no longer occurs in the scenario described. (BZ#748813)
- Due to a regression, when a JavaServer Pages (JSP) tag that does not allow JSP Expression Language (EL) expression values (such as struts 2 tags) was used, and one of the attributes was passed a certain value (such as a backslash), the parser threw the following exception:
  "According to TLD or attribute directive in tag file, attribute value does not accept any expressions"
  JSP parsing utilizes the directive attribute "deferredSyntaxAllowedAsLiteral" which determines if deferred statements are treated as literals. The default is false. If true, the "#" sign will not be treated as an escape. This update applies an upstream patch and the problem no longer occurs. (BZ#783567)
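The wrapper-script change for BZ#701759 described above, sketched as an added shell example (not the contents of /usr/sbin/tomcat6): the log destination is derived from CATALINA_BASE instead of a fixed path, and output is appended only for the three actions the advisory names. The function names and `PLACEHOLDER_OLD_LOG` are hypothetical; the advisory does not quote the old hard-coded path.

```shell
#!/bin/sh
# Added illustration only; function names are hypothetical.
# Placeholder for the pre-update fixed path, which the advisory does not quote.
PLACEHOLDER_OLD_LOG="/PLACEHOLDER/hard-coded/catalina.out"

# Pre-update behaviour: the destination ignores CATALINA_BASE entirely.
log_target_before() {
    printf '%s\n' "$PLACEHOLDER_OLD_LOG"
}

# Post-update behaviour: the destination follows the instance's CATALINA_BASE.
log_target_after() {
    # $1 = CATALINA_BASE (one trailing slash is tolerated)
    printf '%s\n' "${1%/}/logs/catalina.out"
}

# Run a command for one action, appending stdout and stderr to the
# per-instance catalina.out. Fails early if the instance's logs directory
# is missing or not writable by the invoking user, which is the situation a
# non-"tomcat" user with a custom CATALINA_BASE is most likely to hit.
run_action() {
    # $1 = action, $2 = CATALINA_BASE, remaining args = command to run
    action=$1
    base=$2
    shift 2
    case "$action" in
        start|start-security|stop) ;;
        *) echo "unsupported action: $action" >&2; return 2 ;;
    esac
    log=$(log_target_after "$base")
    logdir=${log%/*}
    if [ ! -d "$logdir" ] || [ ! -w "$logdir" ]; then
        echo "cannot write to $logdir as $(id -un)" >&2
        return 1
    fi
    "$@" >> "$log" 2>&1
}
```

When several instances run under different accounts, each instance's `logs` directory must be writable by the account that starts it, otherwise `run_action` returns 1 before the command runs.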
In addition, these updated packages provide the following enhancement:
- With this update, the tomcat6 dependency on redhat-lsb has been removed. Red Hat Enterprise Linux tomcat6 strives to have Linux Standard Base (LSB) compliant System V init scripts. However, Java has been absent from the list of compliant binaries since 2011. Since Tomcat runs in the Java Virtual Machine (JVM), there is little that can be done in addition to the init script compliance. The redhat-lsb dependency can be removed with very little risk. (BZ#782400)
Users are advised to upgrade to these updated tomcat6 packages, which provide numerous bug fixes and an enhancement.
Solution
Before applying this update, make sure all previously-released errata relevant to your system have been applied.
This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/knowledge/articles/11258
Affected Products
| Product | Version | Arch |
|---|---|---|
| Red Hat Enterprise Linux for Scientific Computing | 6 | x86_64 |
| Red Hat Enterprise Linux for Power, big endian | 6 | ppc64 |
| Red Hat Enterprise Linux for IBM z Systems | 6 | s390x |
| Red Hat Enterprise Linux Workstation | 6 | x86_64 |
| Red Hat Enterprise Linux Workstation | 6 | i386 |
| Red Hat Enterprise Linux Server | 6 | x86_64 |
| Red Hat Enterprise Linux Server | 6 | i386 |
| Red Hat Enterprise Linux Server from RHUI | 6 | x86_64 |
| Red Hat Enterprise Linux Server from RHUI | 6 | i386 |
| Red Hat Enterprise Linux Server - Extended Life Cycle Support | 6 | x86_64 |
| Red Hat Enterprise Linux Server - Extended Life Cycle Support | 6 | i386 |
| Red Hat Enterprise Linux Server - Extended Life Cycle Support Extension | 6 | x86_64 |
| Red Hat Enterprise Linux Server - Extended Life Cycle Support Extension | 6 | i386 |
| Red Hat Enterprise Linux Server - Extended Life Cycle Support Extension (for IBM z Systems) | 6 | s390x |
| Red Hat Enterprise Linux Server - Extended Life Cycle Support (for IBM z Systems) | 6 | s390x |
| Red Hat Enterprise Linux Desktop | 6 | x86_64 |
| Red Hat Enterprise Linux Desktop | 6 | i386 |
Updated Packages
- tomcat6-jsp-2.1-api-6.0.24-45.el6.noarch.rpm
- tomcat6-admin-webapps-6.0.24-45.el6.noarch.rpm
- tomcat6-6.0.24-45.el6.src.rpm
- tomcat6-lib-6.0.24-45.el6.noarch.rpm
- tomcat6-servlet-2.5-api-6.0.24-45.el6.noarch.rpm
- tomcat6-docs-webapp-6.0.24-45.el6.noarch.rpm
- tomcat6-6.0.24-45.el6.noarch.rpm
- tomcat6-el-2.1-api-6.0.24-45.el6.noarch.rpm
- tomcat6-javadoc-6.0.24-45.el6.noarch.rpm
- tomcat6-webapps-6.0.24-45.el6.noarch.rpm
Fixes
- BZ - 701759
- BZ - 715117
- BZ - 726169
- BZ - 748813
- BZ - 782400
- BZ - 783567
- BZ - 802396
CVEs
(none)
References
(none)
Additional information
- The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.
- Offline Security Data is available for integration with other systems. See Offline Security Data API to get started.