FEDORA-2016-b19c75d748

security update in Fedora 22 for tomcat

Status: obsolete
  • Load sysconfig from tomcat.conf, resolves: #1311771, #1311905
  • Set default javax.sql.DataSource factory to apache commons one, resolves #1214381

  • Updated to 7.0.68
  • Fix symlinks from $CATALINA_HOME/lib perspective, resolves: #1308685
  • Fix tomcat user shell, resolves #1302718
  • Remove log4j support. It has never been working actually. See #1236297
  • Move shipped config to /etc/sysconfig/tomcat. /etc/tomcat/tomcat.conf can now be used to override it with shell expansion, resolves #1293636
  • Security fix for CVE-2016-0763

Comments 7

This update has been submitted for testing by van.

This update has obsoleted tomcat-7.0.68-1.fc22, and has inherited its bugs and notes.

This update has been pushed to testing.

The update has the same problems as tomcat-8.0.32-4.fc23. tomcat version works but Dogtag still fails to start.

karma: -1 #1311771: -1 #1311905: +1

Breaks Dogtag, too bad.

karma: -1

This update has reached 7 days in testing and can be pushed to stable now if the maintainer wishes

This update has been obsoleted by tomcat-7.0.68-3.fc22.

Add Comment & Feedback

Please login to add feedback.

Content Type
RPM
Status
obsolete
Test Gating
Submitted by
Update Type
security
Update Severity
unspecified
Karma
-2
stable threshold: 3
unstable threshold: -3
Autopush (karma)
Enabled
Autopush (time)
Disabled
Dates
submitted 3 years ago
in testing 3 years ago

Related Bugs 9

00 #1214381 tomcat lib package doesn't include tomcat-dbcp.jar (which is required and different from apache-commons-dbcp)
00 #1236297 log4j not working on tomcat
00 #1293636 Systemd tomcat.service unit loads /etc/sysconfig/tomcat without shell expansion
00 #1302718 user 'tomcat': program '/bin/nologin' does not exist
00 #1308685 links are broken when viewed from /usr/share/tomcat/lib
00 #1311093 CVE-2016-0763 tomcat: security manager bypass via setGlobalContext()
00 #1311095 CVE-2015-5174 CVE-2015-5351 CVE-2016-0714 CVE-2016-0706 CVE-2015-5345 CVE-2015-5346 CVE-2016-0763 tomcat: multiple security vulnerabilities [epel-6]
-10 #1311771 Tomcat 8.0.32 update breaks FreeIPA and Dogtag installations
0+1 #1311905 tomcat-8.0.32: tomcat version fails with load error org.apache.catalina.util.ServerInfo

Automated Test Results