FEDORA-2018-b1832101b8 created by csutherl 2 years ago for Fedora 28
stable

This update includes a rebase from 8.5.30 up to 8.5.32 which resolves two CVEs along with various other bugs/features:

  • #1579612 CVE-2018-8014 tomcat: Insecure defaults in CORS filter enable 'supportsCredentials' for all origins
  • #1607586 CVE-2018-8034 tomcat: host name verification missing in WebSocket client
  • #1607584 CVE-2018-8037 tomcat: Due to a mishandling of close in NIO/NIO2 connectors user sessions can get mixed up

How to install

sudo dnf upgrade --advisory=FEDORA-2018-b1832101b8

This update has been submitted for testing by csutherl.

2 years ago

This update has been pushed to testing.

2 years ago
User Icon lobocode commented & provided feedback 2 years ago
karma

works

This update has reached 7 days in testing and can be pushed to stable now if the maintainer wishes

2 years ago

This update has been submitted for batched by csutherl.

2 years ago

This update has been submitted for stable by csutherl.

2 years ago

This update has been pushed to stable.

2 years ago

Please login to add feedback.

Metadata
Type
security
Karma
1
Signed
Content Type
RPM
Test Gating
Settings
Unstable by Karma
-3
Stable by Karma
3
Stable by Time
disabled
Dates
submitted
2 years ago
in testing
2 years ago
in stable
2 years ago
BZ#1579612 CVE-2018-8014 tomcat: Insecure defaults in CORS filter enable 'supportsCredentials' for all origins [fedora-all]
0
0
BZ#1607584 CVE-2018-8037 tomcat: Due to a mishandling of close in NIO/NIO2 connectors user sessions can get mixed up [fedora-all]
0
0
BZ#1607586 CVE-2018-8034 tomcat: host name verification missing in WebSocket client [fedora-all]
0
0

Automated Test Results