ELSA-2016-2599

ULN >
Oracle Linux Errata repository >
ELSA-2016-2599

ELSA-2016-2599 - tomcat security, bug fix, and enhancement update

Type:	SECURITY
Severity:	MODERATE
Release Date:	2016-11-09

Description

[0:7.0.69-10]
- Related: rhbz#1368122

[0:7.0.69-9]
- Resolves: rhbz#1362213 Tomcat: CGI sets environmental variable based on user supplied Proxy request header
- Resolves: rhbz#1368122

[0:7.0.69-7]
- Resolves: rhbz#1362545

[0:7.0.69-6]
- Related: rhbz#1201409 Added /etc/sysconfig/tomcat to the systemd unit for tomcat-jsvc.service

[0:7.0.69-5]
- Resolves: rhbz#1347860 The systemd service unit does not allow tomcat to shut down gracefully

[0:7.0.69-4]
- Resolves: rhbz#1350438 CVE-2016-3092 tomcat: Usage of vulnerable FileUpload package can result in denial of service

[0:7.0.69-3]
- Resolves: rhbz#1347774 The security manager doesn't work correctly (JSPs cannot be compiled)

[0:7.0.69-2]
- Rebase Resolves: rhbz#1311622 Getting NoSuchElementException while handling attributes with empty string value in tomcat
- Rebase Resolves: rhbz#1320853 Add HSTS support
- Rebase Resolves: rhbz#1293292 CVE-2014-7810 tomcat: Tomcat/JBossWeb: security manager bypass via EL expressions
- Rebase Resolves: rhbz#1347144 CVE-2016-0706 tomcat: security manager bypass via StatusManagerServlet
- Rebase Resolves: rhbz#1347139 CVE-2015-5346 tomcat: Session fixation
- Rebase Resolves: rhbz#1347136 CVE-2015-5345 tomcat: directory disclosure
- Rebase Resolves: rhbz#1347129 CVE-2015-5174 tomcat: URL Normalization issue
- Rebase Resolves: rhbz#1347146 CVE-2016-0763 tomcat: security manager bypass via setGlobalContext()
- Rebase Resolves: rhbz#1347142 CVE-2016-0714 tomcat: Security Manager bypass via persistence mechanisms
- Rebase Resolves: rhbz#1347133 CVE-2015-5351 tomcat: CSRF token leak

[0:7.0.69-1]
- Resolves: rhbz#1287928 Rebase to tomcat 7.0.69
- Resolves: rhbz#1327326 rpm -V tomcat fails on /var/log/tomcat/catalina.out
- Resolves: rhbz#1277197 tomcat user has non-existing default shell set
- Resolves: rhbz#1240279 The command tomcat-digest doesn't work with RHEL 7
- Resolves: rhbz#1229476 Tomcat startup ONLY options
- Resolves: rhbz#1133070 Need to include full implementation of tomcat-juli.jar and tomcat-juli-adapters.jar
- Resolves: rhbz#1201409 Fix the broken tomcat-jsvc service unit
- Resolves: rhbz#1221896 tomcat.service loads /etc/sysconfig/tomcat without shell expansion
- Resolves: rhbz#1208402 Mark web.xml in tomcat-admin-webapps as config file

Related CVEs

Updated Packages

Release/Architecture	Filename	MD5sum	Superseded By Advisory

Oracle Linux 7 (x86_64)	tomcat-7.0.69-10.el7.src.rpm	364f378946558361246aed71d21da0c5	ELSA-2020-5020
	tomcat-7.0.69-10.el7.noarch.rpm	a79bef8bb505fb886b0594aecf5e67a2	ELSA-2020-5020
	tomcat-admin-webapps-7.0.69-10.el7.noarch.rpm	b624924fad217c7f5bc262436eba9d9f	ELSA-2020-5020
	tomcat-docs-webapp-7.0.69-10.el7.noarch.rpm	f530f256f523ab678cb4025ee482a73f	ELSA-2020-5020
	tomcat-el-2.2-api-7.0.69-10.el7.noarch.rpm	e462b842db2fdea98c8e5f99c98e346a	ELSA-2020-5020
	tomcat-javadoc-7.0.69-10.el7.noarch.rpm	b3e51828248de4a079c968ee52db9728	ELSA-2020-5020
	tomcat-jsp-2.2-api-7.0.69-10.el7.noarch.rpm	e825eb63f158732de393013becabd4e4	ELSA-2020-5020
	tomcat-jsvc-7.0.69-10.el7.noarch.rpm	dadc46691a1a2d8571b393916a859011	ELSA-2020-5020
	tomcat-lib-7.0.69-10.el7.noarch.rpm	b97d4103caa86d43ada0372a40dd4597	ELSA-2020-5020
	tomcat-servlet-3.0-api-7.0.69-10.el7.noarch.rpm	93965d3244dc1090a8cd4832539e7c98	ELSA-2020-5020
	tomcat-webapps-7.0.69-10.el7.noarch.rpm	443dc36d7d782c1c340f05813f52010d	ELSA-2020-5020

This page is generated automatically and has not been checked for errors or omissions. For clarification or corrections please contact the Oracle Linux ULN team

Technical information

Oracle Linux Support

Connect

Contact Us

Global contacts
Oracle 1-800-633-0691