Patch information required

[ka...@accenture.com]

Hi All,

We are using Apache tomcat version 6.0.26 bundled with Jasper soft 5.0 server and we need to install below patches on our servers to fix some Vulnerabilities.

http://svn.apache.org/viewvc?view=revision&revision=958911
http://svn.apache.org/viewvc?view=revision&revision=958977
http://svn.apache.org/viewvc?view=revision&revision=959428
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c03298151
http://www.juniper.net/alerts/viewalert.jsp?txtAlertNumber=PSN-2012-05-584&actionBtn=Search
I am not sure how to install these patches can anyone help us here.

Note: We cannot upgrade to new version. So we need the steps to install the above patches.

Regards
Kanishk Sethi

________________________________

This message is for the designated recipient only and may contain privileged, proprietary, or otherwise confidential information. If you have received it in error, please notify the sender immediately and delete the original. Any other use of the e-mail by you is prohibited. Where allowed by local law, electronic communications with Accenture and its affiliates, including e-mail and instant messaging (including content), may be scanned by our systems for the purposes of information security and assessment of internal compliance with Accenture policy. .
______________________________________________________________________________________

www.accenture.com

Re: Patch information required

[Christopher Schultz <ch...@christopherschultz.net>]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Kanishk,

Try reading the responses you got on the 28th and 29th. If you have
further questions, post them as a follow-up to the original thread.

- -chris

On 12/2/13, 4:26 AM, kanishk.sethi@accenture.com wrote:
> Hi All,
> 
> We are using Apache tomcat version 6.0.26 bundled with Jasper soft
> 5.0 server and we need to install below patches on our servers to
> fix some Vulnerabilities.
> 
> http://svn.apache.org/viewvc?view=revision&revision=958911 
> http://svn.apache.org/viewvc?view=revision&revision=958977 
> http://svn.apache.org/viewvc?view=revision&revision=959428 
> http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c03298151
>
> 
http://www.juniper.net/alerts/viewalert.jsp?txtAlertNumber=PSN-2012-05-584&actionBtn=Search
> I am not sure how to install these patches can anyone help us
> here.
> 
> Note: We cannot upgrade to new version. So we need the steps to
> install the above patches.
> 
> Regards Kanishk Sethi
> 
> ________________________________
> 
> This message is for the designated recipient only and may contain
> privileged, proprietary, or otherwise confidential information. If
> you have received it in error, please notify the sender immediately
> and delete the original. Any other use of the e-mail by you is
> prohibited. Where allowed by local law, electronic communications
> with Accenture and its affiliates, including e-mail and instant
> messaging (including content), may be scanned by our systems for
> the purposes of information security and assessment of internal
> compliance with Accenture policy. . 
> ______________________________________________________________________________________
>
>  www.accenture.com
> 
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.15 (Darwin)
Comment: GPGTools - http://gpgtools.org
Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/

iQIcBAEBCAAGBQJSnLXmAAoJEBzwKT+lPKRYBKsP/ihOBqpLQjeFQQt8EIFtJuV9
g8BtjXpbFoT2cAQqTifa3clb1ymj1DqzzV6KrR62U0i+0StsrIH+zHOZdrvJdF2e
bvPSXph62k1p4qwyUUn2zxgzq9tI9nHCCJg/GTXLMqwHeiS5jG1udsZ83fDQey4K
auJ+3exJBRz+W+8XcBrEfpMD5y1KFexY4aKq8Ad/dfChtFeynNQPlNqLoLFkk7Wh
PMN3BNAMhECiuevqq0nvEZiCKhOMgh8pp25Ws1JBdrjl8urSGkZmZADzNkMRpn/C
K/Y8J0VaSLXs03xl3EU+rRE6kAUXptsywQFCt561f1NSUvyKNUMUd5Qrt57fCHG7
9dIeeX2ZsUhprOL/AbelTqwxT73dq0+GdQrq3B7MNwxejDis2HMwNNrTwjecD4LA
dkuR+jmCg/drT8UlyS1oQueJY572nE4z0YmV8quIzjQCv0TOYr795mQ3FZJ3dMWj
kIFAssKQau8TAJ9JLzJjsWmTT5QxWaVYvky2Hw91kY6bRm4i5mgZe0xDW4ewv4o8
/Qn86o2xPJDn8yroIcH3fXrUJV8aBWiBXwZGxLBeH9h8k/w6Zez9MFXDsWlhB4I4
AkzkYQnIGB1ajKVth4crRfkGb8G1PfOR8RpUVMai03VBNsMNwB7sYDtFmMHgjZkc
Yg5gQ3neUk7O6FvdwvGF
=R1b2
-----END PGP SIGNATURE-----

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org

Re: Patch information required

[André Warnier <aw...@ice-sa.com>]

André Warnier wrote:
> kanishk.sethi@accenture.com wrote:
>> Hi All,
>>
>> We are using Apache tomcat version 6.0.26 bundled with Jasper soft 5.0 
>> server and we need to install below patches on our servers to fix some 
>> Vulnerabilities.
>>
>> http://svn.apache.org/viewvc?view=revision&revision=958911
>> http://svn.apache.org/viewvc?view=revision&revision=958977
>> http://svn.apache.org/viewvc?view=revision&revision=959428
>> http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c03298151 
>>
>> http://www.juniper.net/alerts/viewalert.jsp?txtAlertNumber=PSN-2012-05-584&actionBtn=Search 
>>
>> I am not sure how to install these patches can anyone help us here.
>>
>> Note: We cannot upgrade to new version. So we need the steps to 
>> install the above patches.
>>
> 
> Let's maybe first rectify the above statement : technically, you 
> certainly /can/ install new versions.  Whether the internal rules of 
> your organisation allow this, is another question altogether, which has 
> to be answered by your organisation.
> 
> As far as I know, Tomcat does not distribute "patches".
> It publishes new versions, which include a number of enhancements and 
> fixes, such as the ones from SVN which you mention above. And it highly 
> recommends to keep your Tomcat version current and use the latest 
> published version, which would include the above changes and probably 
> also fix other issues which you haven't yet noticed.
> The latest 6.x version of Tomcat is here : 
> https://tomcat.apache.org/download-60.cgi
> 

Addendum :
The last link which you mention (juniper) leads to a page which clearly indicates that 
these issues have been resolved by a new release of this vendor's product, which includes 
a new major version of Tomcat.  Did you even read it ?



---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org

Re: Patch information required

[André Warnier <aw...@ice-sa.com>]

kanishk.sethi@accenture.com wrote:
> Hi All,
> 
> We are using Apache tomcat version 6.0.26 bundled with Jasper soft 5.0 server and we need to install below patches on our servers to fix some Vulnerabilities.
> 
> http://svn.apache.org/viewvc?view=revision&revision=958911
> http://svn.apache.org/viewvc?view=revision&revision=958977
> http://svn.apache.org/viewvc?view=revision&revision=959428
> http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c03298151
> http://www.juniper.net/alerts/viewalert.jsp?txtAlertNumber=PSN-2012-05-584&actionBtn=Search
> I am not sure how to install these patches can anyone help us here.
> 
> Note: We cannot upgrade to new version. So we need the steps to install the above patches.
> 

Let's maybe first rectify the above statement : technically, you certainly /can/ install 
new versions.  Whether the internal rules of your organisation allow this, is another 
question altogether, which has to be answered by your organisation.

As far as I know, Tomcat does not distribute "patches".
It publishes new versions, which include a number of enhancements and fixes, such as the 
ones from SVN which you mention above. And it highly recommends to keep your Tomcat 
version current and use the latest published version, which would include the above 
changes and probably also fix other issues which you haven't yet noticed.
The latest 6.x version of Tomcat is here : https://tomcat.apache.org/download-60.cgi




---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org