Gentoo Security Advisory GLSA 200408-15 (tomcat)

Summary
The remote host is missing updates announced in advisory GLSA 200408-15.
Solution
All Tomcat users can upgrade to the latest stable version, or simply apply the workaround: # emerge sync # emerge -pv '>=www-servers/tomcat-5.0.27-r3' # emerge '>=www-servers/tomcat-5.0.27-r3' http://www.securityspace.com/smysecure/catid.html?in=GLSA%20200408-15 http://bugs.gentoo.org/show_bug.cgi?id=59232
Insight
Improper file ownership may allow a member of the tomcat group to execute scripts as root.