stable

tomcat-8.0.38-1.fc25

FEDORA-2016-38e5b05260 created by csutherl 7 years ago for Fedora 25

This update includes a rebase from tomcat 8.0.36 up to 8.0.38, which resolves multiple CVEs and a problem that 8.0.37 introduces to freeipa:

  • #1375581 - CVE-2016-5388 Tomcat: CGI sets environmental variable based on user supplied Proxy request header
  • #1390532 - CVE-2016-0762 CVE-2016-5018 CVE-2016-6794 CVE-2016-6796 CVE-2016-6797 tomcat: various flaws

and includes two additional CVE fixes along with one bug fix:

  • #1383210 - CVE-2016-5425 tomcat: Local privilege escalation via systemd-tmpfiles service
  • #1383216 - CVE-2016-6325 tomcat: tomcat writable config files allow privilege escalation
  • #1370262 - catalina.out is no longer in use in the main package, but still gets rotated

How to install

Updates may require up to 24 hours to propagate to mirrors. If the following command doesn't work, please retry later:

sudo dnf upgrade --refresh --advisory=FEDORA-2016-38e5b05260

This update has been submitted for testing by csutherl.

7 years ago

This update has been pushed to testing.

7 years ago

csutherl edited this update.

New build(s):

  • tomcat-8.0.38-1.fc25

Removed build(s):

  • tomcat-8.0.37-3.fc25

7 years ago

This update has been submitted for testing by csutherl.

7 years ago

This update has been pushed to testing.

7 years ago

This update has reached 3 days in testing and can be pushed to stable now if the maintainer wishes.

7 years ago

csutherl edited this update.

7 years ago
filiperosset commented & provided feedback 7 years ago
karma

no regressions noted

nb commented & provided feedback 7 years ago
karma

wfm

csutherl commented & provided feedback 7 years ago

wfm too :)

BZ#1375581 CVE-2016-5388 Tomcat: CGI sets environmental variable based on user supplied Proxy request header [fedora-all]
BZ#1383216 CVE-2016-6325 tomcat: tomcat writable config files allow privilege escalation [fedora-all]
BZ#1383210 CVE-2016-5425 tomcat: Local privilege escalation via systemd-tmpfiles service [fedora-all]
BZ#1370262 catalina.out is no longer in use in the main package, but still gets rotated
BZ#1390532 CVE-2016-0762 CVE-2016-5018 CVE-2016-6794 CVE-2016-6796 CVE-2016-6797 tomcat: various flaws [fedora-all]

This update has been submitted for stable by csutherl.

7 years ago

This update has been pushed to stable.

7 years ago

Metadata

  • Type: security
  • Severity: high
  • Karma: 2
  • Signed
  • Content Type: RPM
  • Test Gating

Settings

  • Unstable by Karma: -3
  • Stable by Karma: 3
  • Stable by Time: disabled

Dates

  • submitted: 7 years ago
  • in testing: 7 years ago
  • in stable: 7 years ago
  • modified: 7 years ago