stable

tomcat-8.0.50-1.fc26

FEDORA-2018-a233dae4ab created by csutherl 6 years ago for Fedora 26

This update includes a rebase from 8.0.49 up to 8.0.50 which resolves two CVEs along with various other bugs/features:

  • #1548290 CVE-2018-1304 tomcat: Incorrect handling of empty string URL in security constraints can lead to unitended exposure of resources
  • #1548284 CVE-2018-1305 tomcat: Late application of security constraints can lead to resource exposure for unauthorised users

How to install

Updates may require up to 24 hours to propagate to mirrors. If the following command doesn't work, please retry later:

sudo dnf upgrade --refresh --advisory=FEDORA-2018-a233dae4ab

This update has been submitted for testing by csutherl.

6 years ago

This update has been pushed to testing.

6 years ago

This update has reached 7 days in testing and can be pushed to stable now if the maintainer wishes

6 years ago

This update has been submitted for batched by csutherl.

6 years ago

This update has been submitted for stable by csutherl.

6 years ago

This update has been pushed to stable.

6 years ago

Please login to add feedback.

Metadata
Type
security
Severity
high
Karma
0
Signed
Content Type
RPM
Test Gating
Settings
Unstable by Karma
-3
Stable by Karma
3
Stable by Time
disabled
Dates
submitted
6 years ago
in testing
6 years ago
in stable
6 years ago
BZ#1548284 CVE-2018-1305 tomcat: Late application of security constraints can lead to resource exposure for unauthorised users [fedora-all]
0
0
BZ#1548290 CVE-2018-1304 tomcat: Incorrect handling of empty string URL in security constraints can lead to unitended exposure of resources [fedora-all]
0
0

Automated Test Results