FEDORA-2016-4094bd4ad6 created by csutherl 3 years ago for Fedora 23
stable

This update includes a rebase from tomcat 8.0.36 up to 8.0.38, which resolves multiple CVEs and a problem that 8.0.37 introduces to freeipa:

  • #1375581 - CVE-2016-5388 Tomcat: CGI sets environmental variable based on user supplied Proxy request header
  • #1390532 - CVE-2016-0762 CVE-2016-5018 CVE-2016-6794 CVE-2016-6796 CVE-2016-6797 tomcat: various flaws

and includes two additional CVE fixes along with one bug fix:

  • #1383210 - CVE-2016-5425 tomcat: Local privilege escalation via systemd-tmpfiles service
  • #1383216 - CVE-2016-6325 tomcat: tomcat writable config files allow privilege escalation
  • #1370262 - catalina.out is no longer in use in the main package, but still gets rotated

How to install

sudo dnf upgrade --advisory=FEDORA-2016-4094bd4ad6

This update has been submitted for testing by csutherl.

3 years ago

This update has been pushed to testing.

3 years ago

csutherl edited this update.

New build(s):

  • tomcat-8.0.38-1.fc23

Removed build(s):

  • tomcat-8.0.37-3.fc23

3 years ago

This update has been submitted for testing by csutherl.

3 years ago

This update has been pushed to testing.

3 years ago

csutherl edited this update.

3 years ago

This update has reached 7 days in testing and can be pushed to stable now if the maintainer wishes.

3 years ago

This update has been submitted for stable by csutherl.

3 years ago

This update has been pushed to stable.

3 years ago

Metadata

Type: security
Severity: high
Karma: 0
Signed
Content Type: RPM
Test Gating

Settings

Unstable by Karma: -3
Stable by Karma: 3
Stable by Time: disabled

Dates

submitted: 3 years ago
in testing: 3 years ago
in stable: 3 years ago
modified: 3 years ago

BZ#1370262 catalina.out is no longer in use in the main package, but still gets rotated
BZ#1375581 CVE-2016-5388 Tomcat: CGI sets environmental variable based on user supplied Proxy request header [fedora-all]
BZ#1383210 CVE-2016-5425 tomcat: Local privilege escalation via systemd-tmpfiles service [fedora-all]
BZ#1383216 CVE-2016-6325 tomcat: tomcat writable config files allow privilege escalation [fedora-all]
BZ#1390532 CVE-2016-0762 CVE-2016-5018 CVE-2016-6794 CVE-2016-6796 CVE-2016-6797 tomcat: various flaws [fedora-all]