This updates includes a rebase from tomcat 8.0.36 up to 8.0.38 which resolves multiple CVEs and a problem that 8.0.37 introduces to freeipa:
- #1375581 - CVE-2016-5388 Tomcat: CGI sets environmental variable based on user supplied Proxy request header
- #1390532 - CVE-2016-0762 CVE-2016-5018 CVE-2016-6794 CVE-2016-6796 CVE-2016-6797 tomcat: various flaws
and includes two additional CVE fixes along with one bug fix:
- #1383210 - CVE-2016-5425 tomcat: Local privilege escalation via systemd-tmpfiles service
- #1383216 - CVE-2016-6325 tomcat: tomcat writable config files allow privilege escalation
- #1370262 - catalina.out is no longer in use in the main package, but still gets rotated
Please login to add feedback.