FEDORA-2016-0a4dccdd23

security update in Fedora 23 for tomcat

Status: stable 2 years ago

This update includes a rebase from tomcat 8.0.32 up to 8.0.36 to resolve:

  • #1349469 CVE-2016-3092 tomcat: Usage of vulnerable FileUpload package can result in denial of service

and also includes the following bug fixes:

  • #1341850 tomcat-jsvc.service has TOMCAT_USER value hard-coded
  • #1341853 rpm -V tomcat fails on /var/log/tomcat/catalina.out
  • #1347835 The security manager doesn't work correctly (JSPs cannot be compiled)
  • #1347864 The systemd service unit does not allow tomcat to shut down gracefully
  • #1357428 Tomcat 8.0.32 breaks deploy for candlepin.
  • #1359737 Missing maven depmap for the following artifacts: org.apache.tomcat:tomcat-websocket, org.apache.tomcat:tomcat-websocket-api
  • #1363884 The tomcat-tool-wrapper script is broken
  • #1364056 The command tomcat-digest doesn't work

How to install

sudo dnf upgrade --advisory=FEDORA-2016-0a4dccdd23

Comments 6

This update has been submitted for testing by csutherl.

csutherl edited this update.

This update has been pushed to testing.

This update has reached 7 days in testing and can be pushed to stable now if the maintainer wishes.

This update has been submitted for stable by csutherl.

This update has been pushed to stable.


Content Type: RPM
Status: stable
Test Gating:
Submitted by:
Update Type: security
Update Severity: medium
Karma: 0 (stable threshold: 3, unstable threshold: -3)
Autopush: Enabled
Dates: submitted 2 years ago; in testing 2 years ago; in stable 2 years ago; modified 2 years ago

Related Bugs 10

  • #1341850 tomcat-jsvc.service has TOMCAT_USER value hard-coded
  • #1341853 rpm -V tomcat fails on /var/log/tomcat/catalina.out
  • #1347835 The security manager doesn't work correctly (JSPs cannot be compiled)
  • #1347864 The systemd service unit does not allow tomcat to shut down gracefully
  • #1349468 CVE-2016-3092 tomcat: Usage of vulnerable FileUpload package can result in denial of service
  • #1349469 CVE-2016-3092 tomcat: Usage of vulnerable FileUpload package can result in denial of service [fedora-all]
  • #1357428 Tomcat 8.0.32 breaks deploy for candlepin.
  • #1359737 Missing maven depmap for the following artifacts: org.apache.tomcat:tomcat-websocket, org.apache.tomcat:tomcat-websocket-api
  • #1363884 The tomcat-tool-wrapper script is broken
  • #1364056 The command tomcat-digest doesn't work