FEDORA-EPEL-2016-3ff1f4485b created by csutherl 3 years ago for Fedora EPEL 6
stable

The update provides resolutions for 11 bugs, including 7 CVE fixes and a rebase from version 7.0.65 to 7.0.70.

This update has been submitted for testing by csutherl. 3 years ago
csutherl edited this update. 3 years ago
csutherl edited this update. 3 years ago
This update has been pushed to testing. 3 years ago
This update has reached 14 days in testing and can be pushed to stable now if the maintainer wishes 3 years ago
This update has been submitted for stable by csutherl. 3 years ago
This update has been pushed to stable. 3 years ago


Metadata
Type: security
Severity: medium
Karma: 0
Signed
Content Type: RPM
Test Gating
Settings
Unstable by Karma: -3
Stable by Karma: 3
Dates
submitted: 3 years ago
in testing: 3 years ago
in stable: 3 years ago
modified: 3 years ago

BZ#1104704 /usr/sbin/tomcat overrides settings specified in /etc/sysconfig/${NAME}
BZ#1104708 Tomcat init script does not respect setting of CATALINA_PID in /etc/sysconfig/tomcat
BZ#1311076 CVE-2015-5351 tomcat: CSRF token leak
BZ#1311082 CVE-2016-0714 tomcat: Security Manager bypass via persistence mechanisms
BZ#1311085 CVE-2015-5346 tomcat: Session fixation
BZ#1311087 CVE-2016-0706 tomcat: security manager bypass via StatusManagerServlet
BZ#1311089 CVE-2015-5345 tomcat: directory disclosure
BZ#1311093 CVE-2016-0763 tomcat: security manager bypass via setGlobalContext()
BZ#1311499 Updating package causes tomcat to not start on boot.
BZ#1312280 Unable to overwrite the TOMCAT_SCRIPT variable
BZ#1314177 Tomcat init script reports wrong status when one instance of several is stopped
BZ#1327327 rpm -V tomcat fails on /var/log/tomcat/catalina.out
BZ#1347838 The security manager doesn't work correctly (JSPs cannot be compiled)
BZ#1349468 CVE-2016-3092 tomcat: Usage of vulnerable FileUpload package can result in denial of service
BZ#1352009 CVE-2015-5351 CVE-2016-0714 CVE-2016-0706 CVE-2015-5345 CVE-2015-5346 CVE-2016-0763 CVE-2016-3092 tomcat: multiple security vulnerabilities [epel-6]
BZ#1352120 The javadoc package is useless; it contains one index.html
BZ#1364067 The tomcat-tool-wrapper script is broken
BZ#1364068 The command tomcat-digest doesn't work
