ELSA-2016-2599 - tomcat security, bug fix, and enhancement update

Type: SECURITY
Impact: MODERATE
Release Date: 2016-11-09

Description


[0:7.0.69-10]
- Related: rhbz#1368122

[0:7.0.69-9]
- Resolves: rhbz#1362213 Tomcat: CGI sets environmental variable based on user supplied Proxy request header
- Resolves: rhbz#1368122

[0:7.0.69-7]
- Resolves: rhbz#1362545

[0:7.0.69-6]
- Related: rhbz#1201409 Added /etc/sysconfig/tomcat to the systemd unit for tomcat-jsvc.service

[0:7.0.69-5]
- Resolves: rhbz#1347860 The systemd service unit does not allow tomcat to shut down gracefully

[0:7.0.69-4]
- Resolves: rhbz#1350438 CVE-2016-3092 tomcat: Usage of vulnerable FileUpload package can result in denial of service

[0:7.0.69-3]
- Resolves: rhbz#1347774 The security manager doesn't work correctly (JSPs cannot be compiled)

[0:7.0.69-2]
- Rebase Resolves: rhbz#1311622 Getting NoSuchElementException while handling attributes with empty string value in tomcat
- Rebase Resolves: rhbz#1320853 Add HSTS support
- Rebase Resolves: rhbz#1293292 CVE-2014-7810 tomcat: Tomcat/JBossWeb: security manager bypass via EL expressions
- Rebase Resolves: rhbz#1347144 CVE-2016-0706 tomcat: security manager bypass via StatusManagerServlet
- Rebase Resolves: rhbz#1347139 CVE-2015-5346 tomcat: Session fixation
- Rebase Resolves: rhbz#1347136 CVE-2015-5345 tomcat: directory disclosure
- Rebase Resolves: rhbz#1347129 CVE-2015-5174 tomcat: URL Normalization issue
- Rebase Resolves: rhbz#1347146 CVE-2016-0763 tomcat: security manager bypass via setGlobalContext()
- Rebase Resolves: rhbz#1347142 CVE-2016-0714 tomcat: Security Manager bypass via persistence mechanisms
- Rebase Resolves: rhbz#1347133 CVE-2015-5351 tomcat: CSRF token leak

[0:7.0.69-1]
- Resolves: rhbz#1287928 Rebase to tomcat 7.0.69
- Resolves: rhbz#1327326 rpm -V tomcat fails on /var/log/tomcat/catalina.out
- Resolves: rhbz#1277197 tomcat user has non-existing default shell set
- Resolves: rhbz#1240279 The command tomcat-digest doesn't work with RHEL 7
- Resolves: rhbz#1229476 Tomcat startup ONLY options
- Resolves: rhbz#1133070 Need to include full implementation of tomcat-juli.jar and tomcat-juli-adapters.jar
- Resolves: rhbz#1201409 Fix the broken tomcat-jsvc service unit
- Resolves: rhbz#1221896 tomcat.service loads /etc/sysconfig/tomcat without shell expansion
- Resolves: rhbz#1208402 Mark web.xml in tomcat-admin-webapps as config file


Related CVEs


CVE-2016-0706
CVE-2016-0714
CVE-2016-3092
CVE-2016-0763
CVE-2015-5345
CVE-2015-5351
CVE-2015-5174

Updated Packages


| Release/Architecture | Filename | sha256 | Superseded By Advisory | Channel Label |
|---|---|---|---|---|
| Oracle Linux 7 (x86_64) | tomcat-7.0.69-10.el7.src.rpm | 0804a70197a632855fddf68968b143f2937b56d33dd00d1a1174dd56ff38495c | ELSA-2020-5020 | ol7_x86_64_latest_archive |
| | tomcat-7.0.69-10.el7.src.rpm | 0804a70197a632855fddf68968b143f2937b56d33dd00d1a1174dd56ff38495c | ELSA-2020-5020 | ol7_x86_64_optional_archive |
| | tomcat-7.0.69-10.el7.src.rpm | 0804a70197a632855fddf68968b143f2937b56d33dd00d1a1174dd56ff38495c | ELSA-2020-5020 | ol7_x86_64_u3_base |
| | tomcat-7.0.69-10.el7.noarch.rpm | 7b68db4fff2fb14475a6cbb0c66ecc1ec08e70d50ca51f1274c3452e70c10c60 | ELSA-2020-5020 | ol7_x86_64_latest_archive |
| | tomcat-7.0.69-10.el7.noarch.rpm | 7b68db4fff2fb14475a6cbb0c66ecc1ec08e70d50ca51f1274c3452e70c10c60 | ELSA-2020-5020 | ol7_x86_64_u3_base |
| | tomcat-admin-webapps-7.0.69-10.el7.noarch.rpm | 586558aad6e8674f216f357d34413c670cc8713846e11b046e3118e8313ece6a | ELSA-2020-5020 | ol7_x86_64_latest_archive |
| | tomcat-admin-webapps-7.0.69-10.el7.noarch.rpm | 586558aad6e8674f216f357d34413c670cc8713846e11b046e3118e8313ece6a | ELSA-2020-5020 | ol7_x86_64_u3_base |
| | tomcat-docs-webapp-7.0.69-10.el7.noarch.rpm | e8470991b08d9e2eef950bbdda06344906c81497c340587294015a8ad5ee22f2 | ELSA-2020-5020 | ol7_x86_64_optional_archive |
| | tomcat-el-2.2-api-7.0.69-10.el7.noarch.rpm | 192bcd8727038edd584ddce657813bc74261534ba055e4d306e1750c2b0e70f2 | ELSA-2020-5020 | ol7_x86_64_latest_archive |
| | tomcat-el-2.2-api-7.0.69-10.el7.noarch.rpm | 192bcd8727038edd584ddce657813bc74261534ba055e4d306e1750c2b0e70f2 | ELSA-2020-5020 | ol7_x86_64_u3_base |
| | tomcat-javadoc-7.0.69-10.el7.noarch.rpm | a4d9ae0bb09ea3f738a64847d76a494e8319458ef43dca336459446bf5426245 | ELSA-2020-5020 | ol7_x86_64_optional_archive |
| | tomcat-jsp-2.2-api-7.0.69-10.el7.noarch.rpm | 854edd8021cb0fe92251d6b04862be2eb2352fcfd9822378916b0d224aa5b2f5 | ELSA-2020-5020 | ol7_x86_64_latest_archive |
| | tomcat-jsp-2.2-api-7.0.69-10.el7.noarch.rpm | 854edd8021cb0fe92251d6b04862be2eb2352fcfd9822378916b0d224aa5b2f5 | ELSA-2020-5020 | ol7_x86_64_u3_base |
| | tomcat-jsvc-7.0.69-10.el7.noarch.rpm | 2672848580e600fe1fc5f9cf0faefbd46d83c1464bd550f3dfc5b0b638733cb2 | ELSA-2020-5020 | ol7_x86_64_optional_archive |
| | tomcat-lib-7.0.69-10.el7.noarch.rpm | 0fdbcf7c933e6a1c18c89ab4a06f10b1bf180a44063b049836080b68d58afa05 | ELSA-2020-5020 | ol7_x86_64_latest_archive |
| | tomcat-lib-7.0.69-10.el7.noarch.rpm | 0fdbcf7c933e6a1c18c89ab4a06f10b1bf180a44063b049836080b68d58afa05 | ELSA-2020-5020 | ol7_x86_64_u3_base |
| | tomcat-servlet-3.0-api-7.0.69-10.el7.noarch.rpm | 97e0282cff31ee1c87678bd2a8f5eb34fb1bbad62449259b0523ad68dc1f5ab2 | ELSA-2020-5020 | ol7_x86_64_latest_archive |
| | tomcat-servlet-3.0-api-7.0.69-10.el7.noarch.rpm | 97e0282cff31ee1c87678bd2a8f5eb34fb1bbad62449259b0523ad68dc1f5ab2 | ELSA-2020-5020 | ol7_x86_64_u3_base |
| | tomcat-webapps-7.0.69-10.el7.noarch.rpm | d65f3bb2640fa19453b87cc88f5f23e17b186005260d2a9dea3cc45f9ee201f5 | ELSA-2020-5020 | ol7_x86_64_latest_archive |
| | tomcat-webapps-7.0.69-10.el7.noarch.rpm | d65f3bb2640fa19453b87cc88f5f23e17b186005260d2a9dea3cc45f9ee201f5 | ELSA-2020-5020 | ol7_x86_64_u3_base |



This page is generated automatically and has not been checked for errors or omissions. For clarification or corrections, please contact the Oracle Linux ULN team.
