FEDORA-2016-5e0bb2f21a

security update in Fedora 23 for tomcat

Status: obsolete
  • Updated to 8.0.32
  • Fix symlinks from $CATALINA_HOME/lib perspective, resolves: #1308685
  • Remove log4j support. It has never been working actually. See #1236297
  • Move shipped config to /etc/sysconfig/tomcat. /etc/tomcat/tomcat.conf can now be used to override it with shell expansion, resolves #1293636
  • Recommend tomcat-native, resolves: #1243132
  • Resolves: #1286800 Failed to start component due to wrong allowLinking="true" in context.xml
  • Program /bin/nologin does not exist (#1302718)
  • Security fix for CVE-2016-0763

Comments 9

This update has been submitted for testing by van.

van edited this update.

This update has been pushed to testing.

This update will break all FreeIPA or Dogtag installations, as some classes were moved around into different jar files. Anyone that installs this update and tries to restart their Dogtag or FreeIPA services will have a failure when tomcat starts up with the following error in the journal:

Error: Could not find or load main class org.apache.catalina.startup.Bootstrap

I will file a bug about this, but I don't think this is something that should be updated in F23 since it's not backwards compatible and breaks people's installations.

karma: -1

I have filed #1311771 for the issue mentioned above.

I can confirm that this breaks FreeIPA/Dogtag installation in F23 as nkinder pointed out.

karma: -1

This update has been obsoleted.

Solves some issues, but brings the others already noted.

karma: -1


Content Type: RPM
Status: obsolete
Test Gating:
Submitted by:
Update Type: security
Update Severity: unspecified
Karma: -3
  • stable threshold: 3
  • unstable threshold: -3
Autopush (karma): Enabled
Autopush (time): Disabled
Dates:
  • submitted 3 years ago
  • in testing 3 years ago
  • modified 3 years ago

Related Bugs 9

  • #1236297 log4j not working on tomcat
  • #1243132 Recommend tomcat-native
  • #1267936 tomcat-8.0.32 is available
  • #1286800 Failed to start component due to wrong allowLinking="true" in context.xml
  • #1293636 Systemd tomcat.service unit loads /etc/sysconfig/tomcat without shell expansion
  • #1302718 user 'tomcat': program '/bin/nologin' does not exist
  • #1308685 links are broken when viewed from /usr/share/tomcat/lib
  • #1311093 CVE-2016-0763 tomcat: security manager bypass via setGlobalContext()
  • #1311102 CVE-2015-5174 CVE-2015-5351 CVE-2016-0714 CVE-2016-0706 CVE-2015-5345 CVE-2015-5346 CVE-2016-0763 tomcat: multiple security vulnerabilities [fedora-all]
