Lucene search

K
oraclelinuxOracleLinuxELSA-2016-2599
HistoryNov 09, 2016 - 12:00 a.m.

tomcat security, bug fix, and enhancement update

2016-11-0900:00:00
linux.oracle.com
41

EPSS

0.059

Percentile

93.6%

[0:7.0.69-10]

  • Related: rhbz#1368122
    [0:7.0.69-9]
  • Resolves: rhbz#1362213 Tomcat: CGI sets environmental variable based on user supplied Proxy request header
  • Resolves: rhbz#1368122
    [0:7.0.69-7]
  • Resolves: rhbz#1362545
    [0:7.0.69-6]
  • Related: rhbz#1201409 Added /etc/sysconfig/tomcat to the systemd unit for tomcat-jsvc.service
    [0:7.0.69-5]
  • Resolves: rhbz#1347860 The systemd service unit does not allow tomcat to shut down gracefully
    [0:7.0.69-4]
  • Resolves: rhbz#1350438 CVE-2016-3092 tomcat: Usage of vulnerable FileUpload package can result in denial of service
    [0:7.0.69-3]
  • Resolves: rhbz#1347774 The security manager doesn’t work correctly (JSPs cannot be compiled)
    [0:7.0.69-2]
  • Rebase Resolves: rhbz#1311622 Getting NoSuchElementException while handling attributes with empty string value in tomcat
  • Rebase Resolves: rhbz#1320853 Add HSTS support
  • Rebase Resolves: rhbz#1293292 CVE-2014-7810 tomcat: Tomcat/JBossWeb: security manager bypass via EL expressions
  • Rebase Resolves: rhbz#1347144 CVE-2016-0706 tomcat: security manager bypass via StatusManagerServlet
  • Rebase Resolves: rhbz#1347139 CVE-2015-5346 tomcat: Session fixation
  • Rebase Resolves: rhbz#1347136 CVE-2015-5345 tomcat: directory disclosure
  • Rebase Resolves: rhbz#1347129 CVE-2015-5174 tomcat: URL Normalization issue
  • Rebase Resolves: rhbz#1347146 CVE-2016-0763 tomcat: security manager bypass via setGlobalContext()
  • Rebase Resolves: rhbz#1347142 CVE-2016-0714 tomcat: Security Manager bypass via persistence mechanisms
  • Rebase Resolves: rhbz#1347133 CVE-2015-5351 tomcat: CSRF token leak
    [0:7.0.69-1]
  • Resolves: rhbz#1287928 Rebase to tomcat 7.0.69
  • Resolves: rhbz#1327326 rpm -V tomcat fails on /var/log/tomcat/catalina.out
  • Resolves: rhbz#1277197 tomcat user has non-existing default shell set
  • Resolves: rhbz#1240279 The command tomcat-digest doesn’t work with RHEL 7
  • Resolves: rhbz#1229476 Tomcat startup ONLY options
  • Resolves: rhbz#1133070 Need to include full implementation of tomcat-juli.jar and tomcat-juli-adapters.jar
  • Resolves: rhbz#1201409 Fix the broken tomcat-jsvc service unit
  • Resolves: rhbz#1221896 tomcat.service loads /etc/sysconfig/tomcat without shell expansion
  • Resolves: rhbz#1208402 Mark web.xml in tomcat-admin-webapps as config file