FEDORA-2018-a233dae4ab created by csutherl 2 years ago for Fedora 26
stable

This update includes a rebase from 8.0.49 up to 8.0.50 which resolves two CVEs along with various other bugs/features:

  • #1548290 CVE-2018-1304 tomcat: Incorrect handling of empty string URL in security constraints can lead to unitended exposure of resources
  • #1548284 CVE-2018-1305 tomcat: Late application of security constraints can lead to resource exposure for unauthorised users

How to install

sudo dnf upgrade --advisory=FEDORA-2018-a233dae4ab
This update has been submitted for testing by csutherl. 2 years ago
This update has been pushed to testing. 2 years ago
This update has reached 7 days in testing and can be pushed to stable now if the maintainer wishes 2 years ago
This update has been submitted for batched by csutherl. 2 years ago
This update has been submitted for stable by csutherl. 2 years ago
This update has been pushed to stable. 2 years ago

Please login to add feedback.

Metadata
Type
security
Severity
high
Karma
0
Signed
Content Type
RPM
Test Gating
Settings
Unstable by Karma
-3
Stable by Karma
3
Dates
submitted
2 years ago
in testing
2 years ago
in stable
2 years ago
BZ#1548284 CVE-2018-1305 tomcat: Late application of security constraints can lead to resource exposure for unauthorised users [fedora-all]
0
0
BZ#1548290 CVE-2018-1304 tomcat: Incorrect handling of empty string URL in security constraints can lead to unitended exposure of resources [fedora-all]
0
0

Automated Test Results