Author: schultz Date: Sun Apr 13 14:11:34 2014 New Revision: 1586992 URL: http://svn.apache.org/r1586992 Log: Added information about CVE-2014-0160 (OpenSSL "Heartbleed").
Modified: tomcat/site/trunk/docs/security-6.html tomcat/site/trunk/docs/security-7.html tomcat/site/trunk/docs/security-8.html tomcat/site/trunk/xdocs/security-6.xml tomcat/site/trunk/xdocs/security-7.xml tomcat/site/trunk/xdocs/security-8.xml Modified: tomcat/site/trunk/docs/security-6.html URL: http://svn.apache.org/viewvc/tomcat/site/trunk/docs/security-6.html?rev=1586992&r1=1586991&r2=1586992&view=diff ============================================================================== --- tomcat/site/trunk/docs/security-6.html (original) +++ tomcat/site/trunk/docs/security-6.html Sun Apr 13 14:11:34 2014 @@ -1927,6 +1927,30 @@ encoding issues that may still exist in the JVM. This work around is included in Tomcat 6.0.18 onwards.</p> + +<p> +<strong>Important: Remote Memory Read</strong> + <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0160" rel="nofollow">CVE-2014-0160</a> (a.k.a. "Heartbleed")</p> + + +<p>A bug in certain versions of <a href="www.openssl.org">OpenSSL</a> + can allow an unauthenticated remote user to read certain contents of + the server's memory. Binary versions of tcnative 1.1.24 - 1.1.29 + include this vulnerable version of OpenSSL. tcnative 1.1.30 and later + ship with patched versions of OpenSSL.</p> + + +<p>An explanation of how to deterine whether you are vulnerable and what + steps to take, see the Tomcat Wiki's + <a href="https://wiki.apache.org/tomcat/Security/Heartbleed">Heartbleed</a> + page.</p> + + +<p>This issue was first announced on 7 April 2014.</p> + + +<p>Affects: OpenSSL 1.0.1-1.0.1f, tcnative 1.1.24-1.1.29</p> + </div> </div> Modified: tomcat/site/trunk/docs/security-7.html URL: http://svn.apache.org/viewvc/tomcat/site/trunk/docs/security-7.html?rev=1586992&r1=1586991&r2=1586992&view=diff ============================================================================== --- tomcat/site/trunk/docs/security-7.html (original) +++ tomcat/site/trunk/docs/security-7.html Sun Apr 13 14:11:34 2014 
@@ -1529,6 +1529,30 @@ </ul> + +<p> +<strong>Important: Remote Memory Read</strong> + <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0160" rel="nofollow">CVE-2014-0160</a> (a.k.a. "Heartbleed")</p> + + +<p>A bug in certain versions of <a href="www.openssl.org">OpenSSL</a> + can allow an unauthenticated remote user to read certain contents of + the server's memory. Binary versions of tcnative 1.1.24 - 1.1.29 + include this vulnerable version of OpenSSL. tcnative 1.1.30 and later + ship with patched versions of OpenSSL.</p> + + +<p>An explanation of how to deterine whether you are vulnerable and what + steps to take, see the Tomcat Wiki's + <a href="https://wiki.apache.org/tomcat/Security/Heartbleed">Heartbleed</a> + page.</p> + + +<p>This issue was first announced on 7 April 2014.</p> + + +<p>Affects: OpenSSL 1.0.1-1.0.1f, tcnative 1.1.24-1.1.29</p> + </div> </div> Modified: tomcat/site/trunk/docs/security-8.html URL: http://svn.apache.org/viewvc/tomcat/site/trunk/docs/security-8.html?rev=1586992&r1=1586991&r2=1586992&view=diff ============================================================================== --- tomcat/site/trunk/docs/security-8.html (original) +++ tomcat/site/trunk/docs/security-8.html Sun Apr 13 14:11:34 2014 
@@ -434,7 +434,28 @@ <div class="text"> -<p>No reports</p> +<p> +<strong>Important: Remote Memory Read</strong> + <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0160" rel="nofollow">CVE-2014-0160</a> (a.k.a. "Heartbleed")</p> + + +<p>A bug in certain versions of <a href="www.openssl.org">OpenSSL</a> + can allow an unauthenticated remote user to read certain contents of + the server's memory. Binary versions of tcnative 1.1.24 - 1.1.29 + include this vulnerable version of OpenSSL. tcnative 1.1.30 and later + ship with patched versions of OpenSSL.</p> + + +<p>An explanation of how to deterine whether you are vulnerable and what + steps to take, see the Tomcat Wiki's + <a href="https://wiki.apache.org/tomcat/Security/Heartbleed">Heartbleed</a> + page.</p> + + +<p>This issue was first announced on 7 April 2014.</p> + + +<p>Affects: OpenSSL 1.0.1-1.0.1f, tcnative 1.1.24-1.1.29</p> </div> Modified: tomcat/site/trunk/xdocs/security-6.xml URL: http://svn.apache.org/viewvc/tomcat/site/trunk/xdocs/security-6.xml?rev=1586992&r1=1586991&r2=1586992&view=diff ============================================================================== --- tomcat/site/trunk/xdocs/security-6.xml (original) +++ tomcat/site/trunk/xdocs/security-6.xml Sun Apr 13 14:11:34 2014 
@@ -1183,8 +1183,24 @@ encoding issues that may still exist in the JVM. This work around is included in Tomcat 6.0.18 onwards.</p> + <p><strong>Important: Remote Memory Read</strong> + <cve>CVE-2014-0160</cve> (a.k.a. "Heartbleed")</p> + + <p>A bug in certain versions of <a href="www.openssl.org">OpenSSL</a> + can allow an unauthenticated remote user to read certain contents of + the server's memory. Binary versions of tcnative 1.1.24 - 1.1.29 + include this vulnerable version of OpenSSL. tcnative 1.1.30 and later + ship with patched versions of OpenSSL.</p> + + <p>An explanation of how to deterine whether you are vulnerable and what + steps to take, see the Tomcat Wiki's + <a href="https://wiki.apache.org/tomcat/Security/Heartbleed">Heartbleed</a> + page.</p> + + <p>This issue was first announced on 7 April 2014.</p> + + <p>Affects: OpenSSL 1.0.1-1.0.1f, tcnative 1.1.24-1.1.29</p> + </section> - </body> </document> - Modified: tomcat/site/trunk/xdocs/security-7.xml URL: http://svn.apache.org/viewvc/tomcat/site/trunk/xdocs/security-7.xml?rev=1586992&r1=1586991&r2=1586992&view=diff ============================================================================== --- tomcat/site/trunk/xdocs/security-7.xml (original) +++ tomcat/site/trunk/xdocs/security-7.xml Sun Apr 13 14:11:34 2014 
@@ -906,6 +906,24 @@ </li> </ul> + <p><strong>Important: Remote Memory Read</strong> + <cve>CVE-2014-0160</cve> (a.k.a. "Heartbleed")</p> + + <p>A bug in certain versions of <a href="www.openssl.org">OpenSSL</a> + can allow an unauthenticated remote user to read certain contents of + the server's memory. Binary versions of tcnative 1.1.24 - 1.1.29 + include this vulnerable version of OpenSSL. tcnative 1.1.30 and later + ship with patched versions of OpenSSL.</p> + + <p>An explanation of how to deterine whether you are vulnerable and what + steps to take, see the Tomcat Wiki's + <a href="https://wiki.apache.org/tomcat/Security/Heartbleed">Heartbleed</a> + page.</p> + + <p>This issue was first announced on 7 April 2014.</p> + + <p>Affects: OpenSSL 1.0.1-1.0.1f, tcnative 1.1.24-1.1.29</p> + </section> </body> Modified: tomcat/site/trunk/xdocs/security-8.xml URL: http://svn.apache.org/viewvc/tomcat/site/trunk/xdocs/security-8.xml?rev=1586992&r1=1586991&r2=1586992&view=diff ============================================================================== --- tomcat/site/trunk/xdocs/security-8.xml (original) +++ tomcat/site/trunk/xdocs/security-8.xml Sun Apr 13 14:11:34 2014 
@@ -169,10 +169,26 @@ <section name="Not a vulnerability in Tomcat"> - <p>No reports</p> + <p><strong>Important: Remote Memory Read</strong> + <cve>CVE-2014-0160</cve> (a.k.a. "Heartbleed")</p> + + <p>A bug in certain versions of <a href="www.openssl.org">OpenSSL</a> + can allow an unauthenticated remote user to read certain contents of + the server's memory. Binary versions of tcnative 1.1.24 - 1.1.29 + include this vulnerable version of OpenSSL. tcnative 1.1.30 and later + ship with patched versions of OpenSSL.</p> + + <p>An explanation of how to deterine whether you are vulnerable and what + steps to take, see the Tomcat Wiki's + <a href="https://wiki.apache.org/tomcat/Security/Heartbleed">Heartbleed</a> + page.</p> + + <p>This issue was first announced on 7 April 2014.</p> + + <p>Affects: OpenSSL 1.0.1-1.0.1f, tcnative 1.1.24-1.1.29</p> </section> - + </body> </document>
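Review bot: the OpenSSL link in the second added paragraph of every hunk, `<a href="www.openssl.org">OpenSSL</a>`, has no URL scheme, so a browser resolves it as a path relative to the security page instead of as the OpenSSL site. Change it to an absolute URL such as `http://www.openssl.org/` in the three xdocs/security-*.xml files and in the three docs/security-*.html copies.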
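Review bot: the third added paragraph in each hunk misspells "determine" as "deterine", and its sentence has no clause for "see" to attach to ("An explanation of how to ... steps to take, see the Tomcat Wiki's ... page."). Suggested wording for all six files: "For an explanation of how to determine whether you are vulnerable and what steps to take, see the Tomcat Wiki's Heartbleed page."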
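Review bot: in the second added paragraph of each hunk, "include this vulnerable version of OpenSSL" refers to a version the paragraph never names; the affected range (OpenSSL 1.0.1-1.0.1f) appears only in the closing "Affects:" line. Either write "include a vulnerable version of OpenSSL" or state the range in that sentence. The same paragraph writes the tcnative range as "1.1.24 - 1.1.29" while the "Affects:" line writes "1.1.24-1.1.29"; use one form in both places.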