FEDORA-EPEL-2016-a886ace670

security update in Fedora EPEL 6 for tomcat

Status: stable 2 years ago

This update includes a rebase from tomcat 7.0.70 up to 7.0.72, which resolves multiple CVEs:

  • #1375582 CVE-2016-5388 Tomcat: CGI sets environmental variable based on user supplied Proxy request header
  • #1390533 CVE-2016-0762 CVE-2016-5018 CVE-2016-6794 CVE-2016-6796 CVE-2016-6797 tomcat: various flaws

and includes one additional CVE fix along with two bug fixes:

  • #1376718 CVE-2016-1240 tomcat: Local privilege escalation via unsafe file handling in the Tomcat init script
  • #1379170 jsvc script is broken
  • #1170797 remove tomcat6 dependency on redhat-lsb (and any other unnecessary ones)

How to install

sudo dnf upgrade --advisory=FEDORA-EPEL-2016-a886ace670

Comments 6

This update has been submitted for testing by csutherl.

This update has been pushed to testing.

csutherl edited this update.

This update has reached 14 days in testing and can be pushed to stable now if the maintainer wishes.

This update has been submitted for stable by csutherl.

This update has been pushed to stable.


Content Type: RPM
Status: stable
Update Type: security
Update Severity: high
Karma: 0 (stable threshold: 3, unstable threshold: -3)
Autopush: Enabled
Dates: submitted 2 years ago, in testing 2 years ago, in stable 2 years ago, modified 2 years ago

Related Bugs 5

  • #1170797 remove tomcat6 dependency on redhat-lsb (and any other unnecessary ones)
  • #1375582 CVE-2016-5388 Tomcat: CGI sets environmental variable based on user supplied Proxy request header [epel-all]
  • #1376718 CVE-2016-1240 tomcat: Local privilege escalation via unsafe file handling in the Tomcat init script [epel-6]
  • #1379170 jsvc script is broken
  • #1390533 CVE-2016-0762 CVE-2016-5018 CVE-2016-6794 CVE-2016-6796 CVE-2016-6797 tomcat: various flaws [epel-6]
