FEDORA-2016-4094bd4ad6

security update in Fedora 23 for tomcat

Status: stable 2 years ago

This update includes a rebase from tomcat 8.0.36 up to 8.0.38, which resolves multiple CVEs and a problem that 8.0.37 introduces to freeipa:

  • #1375581 - CVE-2016-5388 Tomcat: CGI sets environmental variable based on user supplied Proxy request header
  • #1390532 - CVE-2016-0762 CVE-2016-5018 CVE-2016-6794 CVE-2016-6796 CVE-2016-6797 tomcat: various flaws

and includes two additional CVE fixes along with one bug fix:

  • #1383210 - CVE-2016-5425 tomcat: Local privilege escalation via systemd-tmpfiles service
  • #1383216 - CVE-2016-6325 tomcat: tomcat writable config files allow privilege escalation
  • #1370262 - catalina.out is no longer in use in the main package, but still gets rotated

How to install

sudo dnf upgrade --advisory=FEDORA-2016-4094bd4ad6

Comments 9

This update has been submitted for testing by csutherl.

This update has been pushed to testing.

csutherl edited this update.

New build(s):

  • tomcat-8.0.38-1.fc23

Removed build(s):

  • tomcat-8.0.37-3.fc23

This update has been submitted for testing by csutherl.

This update has been pushed to testing.

csutherl edited this update.

This update has reached 7 days in testing and can be pushed to stable now if the maintainer wishes.

This update has been submitted for stable by csutherl.

This update has been pushed to stable.


Content Type: RPM
Status: stable
Test Gating
Submitted by
Update Type: security
Update Severity: high
Karma: 0 (stable threshold: 3, unstable threshold: -3)
Autopush (karma): Enabled
Autopush (time): Disabled
Dates: submitted 2 years ago; in testing 2 years ago; in stable 2 years ago; modified 2 years ago

Related Bugs 5

  • #1370262 - catalina.out is no longer in use in the main package, but still gets rotated
  • #1375581 - CVE-2016-5388 Tomcat: CGI sets environmental variable based on user supplied Proxy request header [fedora-all]
  • #1383210 - CVE-2016-5425 tomcat: Local privilege escalation via systemd-tmpfiles service [fedora-all]
  • #1383216 - CVE-2016-6325 tomcat: tomcat writable config files allow privilege escalation [fedora-all]
  • #1390532 - CVE-2016-0762 CVE-2016-5018 CVE-2016-6794 CVE-2016-6796 CVE-2016-6797 tomcat: various flaws [fedora-all]
