Apache Security Update

July 08, 2020
Security Advisory

The Apache Software Foundation has released security advisories to address multiple vulnerabilities in ApacheTomcat CVE-2020-13934 and CVE-2020-13935. An attacker could exploit these vulnerabilities to cause a denial-of-service condition.

Versions Affected

Apache Tomcat 10.0.0-M1 to 10.0.0-M6
Apache Tomcat 9.0.0.M5 to 9.0.36
Apache Tomcat 8.5.1 to 8.5.56

Description

An h2c direct connection did not release the HTTP/1.1 processor after the upgrade to HTTP/2. If a sufficient number of such requests were made, an OutOfMemoryException could occur leading to a denial of service.

Mitigation

Upgrade to Apache Tomcat 10.0.0-M7 or later
Upgrade to Apache Tomcat 9.0.37 or later
Upgrade to Apache Tomcat 8.5.57 or later

Reference

Apache Tomcat Security 10
Apache Tomcat Security 9
Apache Tomcat Security 8

Versions Affected

Description

Mitigation

Reference

Security Incident at Instructure (Canvas)

Linux Kernel Local Privilege Escalation Vulnerability (Copy Fail)

Action Required: New Logon Security Protocols to Access UCPath

Beware of Impersonation and Social Engineering During Emergencies

Stay Secure While Using Public and Emergency WiFi Services