FEDORA-2016-38e5b05260 created by csutherl 3 years ago for Fedora 25
stable

This update includes a rebase of tomcat from 8.0.36 up to 8.0.38, which resolves multiple CVEs and a problem that 8.0.37 introduces to freeipa:

  • #1375581 - CVE-2016-5388 Tomcat: CGI sets environmental variable based on user supplied Proxy request header
  • #1390532 - CVE-2016-0762 CVE-2016-5018 CVE-2016-6794 CVE-2016-6796 CVE-2016-6797 tomcat: various flaws

and includes two additional CVE fixes along with one bug fix:

  • #1383210 - CVE-2016-5425 tomcat: Local privilege escalation via systemd-tmpfiles service
  • #1383216 - CVE-2016-6325 tomcat: tomcat writable config files allow privilege escalation
  • #1370262 - catalina.out is no longer in use in the main package, but still gets rotated

How to install

sudo dnf upgrade --advisory=FEDORA-2016-38e5b05260

This update has been submitted for testing by csutherl.

3 years ago

This update has been pushed to testing.

3 years ago

csutherl edited this update.

New build(s):

  • tomcat-8.0.38-1.fc25

Removed build(s):

  • tomcat-8.0.37-3.fc25
3 years ago

This update has been submitted for testing by csutherl.

3 years ago

This update has been pushed to testing.

3 years ago

This update has reached 3 days in testing and can be pushed to stable now if the maintainer wishes

3 years ago

csutherl edited this update.

3 years ago
filiperosset commented & provided feedback 3 years ago
karma

no regressions noted

nb commented & provided feedback 3 years ago
karma

wfm

csutherl commented & provided feedback 3 years ago

wfm too :)

BZ#1375581 CVE-2016-5388 Tomcat: CGI sets environmental variable based on user supplied Proxy request header [fedora-all]
BZ#1383216 CVE-2016-6325 tomcat: tomcat writable config files allow privilege escalation [fedora-all]
BZ#1383210 CVE-2016-5425 tomcat: Local privilege escalation via systemd-tmpfiles service [fedora-all]
BZ#1370262 catalina.out is no longer in use in the main package, but still gets rotated
BZ#1390532 CVE-2016-0762 CVE-2016-5018 CVE-2016-6794 CVE-2016-6796 CVE-2016-6797 tomcat: various flaws [fedora-all]

This update has been submitted for stable by csutherl.

3 years ago

This update has been pushed to stable.

3 years ago


Metadata

Type: security
Severity: high
Karma: 2
Signed
Content Type: RPM
Test Gating

Settings

Unstable by Karma: -3
Stable by Karma: 3
Stable by Time: disabled

Dates

submitted: 3 years ago
in testing: 3 years ago
in stable: 3 years ago
modified: 3 years ago