-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 - ------------------------------------------------------------------------- Debian Security Advisory DSA-3788-2 security@xxxxxxxxxx https://www.debian.org/security/ Salvatore Bonaccorso February 22, 2017 https://www.debian.org/security/faq - ------------------------------------------------------------------------- Package : tomcat8 The update for tomcat8 issued as DSA-3788-1 caused that the server could return HTTP 400 errors under certain circumstances. Updated packages are now available to correct this issue. For reference, the original advisory text follows. It was discovered that a programming error in the processing of HTTPS requests in the Apache Tomcat servlet and JSP engine may result in denial of service via an infinite loop. For the stable distribution (jessie), this problem has been fixed in version 8.0.14-1+deb8u8. We recommend that you upgrade your tomcat8 packages. Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/ Mailing list: debian-security-announce@xxxxxxxxxxxxxxxx -----BEGIN PGP SIGNATURE----- iQKTBAEBCgB9FiEERkRAmAjBceBVMd3uBUy48xNDz0QFAlituMpfFIAAAAAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDQ2 NDQ0MDk4MDhDMTcxRTA1NTMxRERFRTA1NENCOEYzMTM0M0NGNDQACgkQBUy48xND z0TR/Q/9GYULVLaN17mQJPJsXN0AVMwPY9uVPuipWIILxEorzRh4+ikHt7RXSxXJ 1rdrX8KsAcrkPRe4GwxRJT3T4h3COu4LluAnuauw1wp7D6ANPm3A+v+6YJxSPMQD sMNj7olu+jVIols0lLmWoNWQgAxEJ4OFxrny4KNP1MDbrlf5UjYA1frIK0JcXdxt t+fR5imTfbqHAhuESyLm7YmIzCsLlCroFWaeuauZTQqM6p4+LzCpGRYA3BoU6X4S SnZ14o6S/E5JFEn9qVZQ5usS0VHFZRFRtq5txuzaKM6u1NyswPFwE5LrO26IyIa2 kCRg6pJ+cwe/jrlBSJ67UPRXZNljMB6hvZD14FqcFdb+QifVDlKrQHOKxKi7SYSV Lksi5QuUa9bzHgYAok7PdcXoKqKbrJP1U8dj8bvDIVxBqxaX7H2aGjlu357ESVSs DVab7ETfCtsLy1/P66hFMVjoWWZPswAwNUr0XK8J9zCd6ARUEARZ4XrlXuk0A8vN 5Z5ubeWPx0mmAqA4VO9YNELkboWAgZheI9JE9BfepBPRwggCarFn51COcQrMl8Z7 e9XTZblwbadiUj0NCZgWdklWU3BVgiUJpFY1exp1tgAid4jp6rWVcDq3/DVwaUKV nepkUYnVxEtsLSHH+P90I8JdwM+GFxX1F+K5YaaCIQfJCNxhu4g= =S0Vn -----END PGP SIGNATURE-----