FEDORA-2018-b1832101b8 created by csutherl a year ago for Fedora 28
stable

This update includes a rebase from 8.5.30 up to 8.5.32 which resolves two CVEs along with various other bugs/features:

  • #1579612 CVE-2018-8014 tomcat: Insecure defaults in CORS filter enable 'supportsCredentials' for all origins
  • #1607586 CVE-2018-8034 tomcat: host name verification missing in WebSocket client
  • #1607584 CVE-2018-8037 tomcat: Due to a mishandling of close in NIO/NIO2 connectors user sessions can get mixed up

How to install

sudo dnf upgrade --advisory=FEDORA-2018-b1832101b8

This update has been submitted for testing by csutherl.

a year ago

This update has been pushed to testing.

a year ago
User Icon lobocode commented & provided feedback a year ago
karma

works

This update has reached 7 days in testing and can be pushed to stable now if the maintainer wishes

a year ago

This update has been submitted for batched by csutherl.

a year ago

This update has been submitted for stable by csutherl.

a year ago

This update has been pushed to stable.

a year ago

Please login to add feedback.

Metadata
Type
security
Karma
1
Signed
Content Type
RPM
Test Gating
Settings
Unstable by Karma
-3
Stable by Karma
3
Dates
submitted
a year ago
in testing
a year ago
in stable
a year ago
BZ#1579612 CVE-2018-8014 tomcat: Insecure defaults in CORS filter enable 'supportsCredentials' for all origins [fedora-all]
0
0
BZ#1607584 CVE-2018-8037 tomcat: Due to a mishandling of close in NIO/NIO2 connectors user sessions can get mixed up [fedora-all]
0
0
BZ#1607586 CVE-2018-8034 tomcat: host name verification missing in WebSocket client [fedora-all]
0
0

Automated Test Results