FEDORA-2016-62619c1bda — security update for tomcat

obsolete

tomcat-7.0.68-1.fc22

FEDORA-2016-62619c1bda created by van 9 years ago for Fedora 22

Updated to 7.0.68
Fix symlinks from $CATALINA_HOME/lib perspective, resolves: #1308685
Fix tomcat user shell, resolves #1302718
Remove log4j support. It has never been working actually. See #1236297
Move shipped config to /etc/sysconfig/tomcat. /etc/tomcat/tomcat.conf can now be used to override it with shell expansion, resolves #1293636
Security fix for CVE-2016-0763

This update has been submitted for testing by van.

9 years ago

This update has been pushed to testing.

9 years ago

cheimes commented & provided feedback 9 years ago

karma

This version has the same same issue as the latest 8.0. It breaks Dogtag and FreeIPA.

# rpm -qa tomcat
tomcat-7.0.68-1.fc22.noarch
# tomcat version
Error: Could not find or load main class org.apache.catalina.util.ServerInfo

https://bugzilla.redhat.com/show_bug.cgi?id=1311771

This update has been obsoleted by tomcat-7.0.68-2.fc22.

9 years ago

Please login to add feedback.

Metadata

Type

security

Karma

-1

Signed

Content Type

RPM

Test Gating

None

Autopush Settings

Unstable by Karma

-3

Stable by Karma

Stable by Time

disabled

Thresholds

Minimum Karma

Minimum Testing

7 days

Dates

submitted

9 years ago

in testing

9 years ago

Builds

tomcat-7.0.68-1.fc22

BZ#1236297 log4j not working on tomcat

BZ#1293636 Systemd tomcat.service unit loads /etc/sysconfig/tomcat without shell expansion

BZ#1302718 user 'tomcat': program '/bin/nologin' does not exist

BZ#1308685 links are broken when viewed from /usr/share/tomcat/lib

BZ#1311093 CVE-2016-0763 tomcat: security manager bypass via setGlobalContext()

BZ#1311095 CVE-2015-5174 CVE-2015-5351 CVE-2016-0714 CVE-2016-0706 CVE-2015-5345 CVE-2015-5346 CVE-2016-0763 tomcat: multiple security vulnerabilities [epel-6]

tomcat-7.0.68-1.fc22

Automated Test Results

None