Type: SECURITY
Impact: LOW
Release Date: 2017-08-07
[0:7.0.76-2]
- Resolves: rhbz#1459747 CVE-2017-5664 tomcat: Security constrained bypass in error page mechanism
- Resolves: rhbz#1441481 CVE-2017-5647 tomcat: Incorrect handling of pipelined requests when send file was used
[0:7.0.76-1]
- Resolves: rhbz#1414895 Rebase tomcat to the current release
[0:7.0.69-10]
- Related: rhbz#1368122
[0:7.0.69-9]
- Resolves: rhbz#1362213 Tomcat: CGI sets environmental variable based on user supplied Proxy request header
- Resolves: rhbz#1368122
[0:7.0.69-7]
- Resolves: rhbz#1362545
[0:7.0.69-6]
- Related: rhbz#1201409 Added /etc/sysconfig/tomcat to the systemd unit for tomcat-jsvc.service
[0:7.0.69-5]
- Resolves: rhbz#1347860 The systemd service unit does not allow tomcat to shut down gracefully
[0:7.0.69-4]
- Resolves: rhbz#1350438 CVE-2016-3092 tomcat: Usage of vulnerable FileUpload package can result in denial of service
[0:7.0.69-3]
- Resolves: rhbz#1347774 The security manager doesn't work correctly (JSPs cannot be compiled)
[0:7.0.69-2]
- Rebase Resolves: rhbz#1311622 Getting NoSuchElementException while handling attributes with empty string value in tomcat
- Rebase Resolves: rhbz#1320853 Add HSTS support
- Rebase Resolves: rhbz#1293292 CVE-2014-7810 tomcat: Tomcat/JBossWeb: security manager bypass via EL expressions
- Rebase Resolves: rhbz#1347144 CVE-2016-0706 tomcat: security manager bypass via StatusManagerServlet
- Rebase Resolves: rhbz#1347139 CVE-2015-5346 tomcat: Session fixation
- Rebase Resolves: rhbz#1347136 CVE-2015-5345 tomcat: directory disclosure
- Rebase Resolves: rhbz#1347129 CVE-2015-5174 tomcat: URL Normalization issue
- Rebase Resolves: rhbz#1347146 CVE-2016-0763 tomcat: security manager bypass via setGlobalContext()
- Rebase Resolves: rhbz#1347142 CVE-2016-0714 tomcat: Security Manager bypass via persistence mechanisms
- Rebase Resolves: rhbz#1347133 CVE-2015-5351 tomcat: CSRF token leak
[0:7.0.69-1]
- Resolves: rhbz#1287928 Rebase to tomcat 7.0.69
- Resolves: rhbz#1327326 rpm -V tomcat fails on /var/log/tomcat/catalina.out
- Resolves: rhbz#1277197 tomcat user has non-existing default shell set
- Resolves: rhbz#1240279 The command tomcat-digest doesn't work with RHEL 7
- Resolves: rhbz#1229476 Tomcat startup ONLY options
- Resolves: rhbz#1133070 Need to include full implementation of tomcat-juli.jar and tomcat-juli-adapters.jar
- Resolves: rhbz#1201409 Fix the broken tomcat-jsvc service unit
- Resolves: rhbz#1221896 tomcat.service loads /etc/sysconfig/tomcat without shell expansion
- Resolves: rhbz#1208402 Mark web.xml in tomcat-admin-webapps as config file
[0:7.0.54-2]
- Resolves: CVE-2014-0227
[0:7.0.54-1]
- Resolves: rhbz#1141372 - Remove systemv artifacts. Add new systemd artifacts. Rebase on 7.0.54.
[0:7.0.43-6]
- Resolves: CVE-2014-0099
- Resolves: CVE-2014-0096
- Resolves: CVE-2014-0075
[0:7.0.42-5]
- Related: CVE-2013-4286
- Related: CVE-2013-4322
- Related: CVE-2014-0050
- revisit patches for above.
[0:7.0.42-4]
- Related: rhbz#1056696 correct packaging for sbin tomcat
[0:7.0.42-3]
- Related: CVE-2013-4286. increment build number. missed doing it.
- Resolves: rhbz#1038183 remove BR for ant-nodeps. it's no longer used.
[0:7.0.42-2]
- Resolves: rhbz#1056673 Invocation of useradd with shell other than sbin nologin
- Resolves: rhbz#1056677 preun systemv scriptlet unconditionally stops service
- Resolves: rhbz#1056696 init.d tomcat does not conform to RHEL7 systemd rules. systemv subpackage is removed.
- Resolves: CVE-2013-4286
- Resolves: CVE-2013-4322
- Resolves: CVE-2014-0050
- Built for rhel-7 RC
[0:7.0.42-1]
- Resolves: rhbz#1051657 update to 7.0.42. Ant-nodeps is deprecated.
[07.0.40-3]
- Mass rebuild 2013-12-27
[0:7.0.40-1]
- Updated to 7.0.40
- Resolves: rhbz 956569 added missing commons-pool link
[0:7.0.37-2]
- Add depmaps for org.eclipse.jetty.orbit
- Resolves: rhbz#917626
[0:7.0.39-1]
- Updated to 7.0.39
[0:7.0.37-1]
- Updated to 7.0.37
[0:7.0.35-1]
- Updated to 7.0.35
- systemd SuccessExitStatus=143 for proper stop exit code processing
[0:7.0.34-1]
- Updated to 7.0.34
- ecj >= 4.2.1 now required
- Resolves: rhbz 889395 concat classpath correctly; chdir to
[0:7.0.33-2]
- Resolves: rhbz 883806 refix logdir ownership
[0:7.0.33-1]
- Updated to 7.0.33
- Resolves: rhbz 873620 need chkconfig for update-alternatives
[0:7.0.32-1]
- Updated to 7.0.32
- Resolves: rhbz 842620 symlinks to taglibs
[0:7.0.29-1]
- Updated to 7.0.29
- Add pidfile as tmpfile
- Use systemd for running as unprivileged user
- Resolves: rhbz 847751 upgrade path was broken
- Resolves: rhbz 850343 use new systemd-rpm macros
[0:7.0.28-2]
- Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild
[0:7.0.28-1]
- Updated to 7.0.28
- Resolves: rhbz 820119 Remove bundled apache-commons-dbcp
- Resolves: rhbz 814900 Added tomcat-coyote POM
- Resolves: rhbz 810775 Remove systemv stuff from %post scriptlet
- Remove redhat-lsb R
[0:7.0.27-2]
- Fixed native download hack
[0:7.0.27-1]
- Updated to 7.0.27
- Fixed jakarta-taglibs-standard BR and R
[0:7.0.26-2]
- Add more depmaps to J2EE apis to help jetty/glassfish updates
[0:7.0.26-2]
- Added the POM files for tomcat-api and tomcat-util (#803495)
[0:7.0.26-1]
- Updated to 7.0.26
- Bug 790334: Change ownership of logdir for logrotate
[0:7.0.25-4]
- Bug 790694: Priorities of jsp, servlet and el packages updated.
[0:7.0.25-3]
- Dropped indirect dependency to tomcat 5
[0:7.0.25-2]
- Added hack for maven depmap of tomcat-juli absolute link [ -f ] pass correctly
[0:7.0.25-1]
- Updated to 7.0.25
- Removed EntityResolver patch (changes already in upstream sources)
- Place poms and depmaps in the same package as jars
- Added javax.servlet.descriptor to export-package of servlet-api
- Move several chkconfig actions and reqs to systemv subpackage
- New maven depmaps generation method
- Add patch to support java7. (patch sent upstream).
- Require java >= 1:1.6.0
[0:7.0.23-5]
- Exported javax.servlet.* packages in version 3.0 as 2.6 to make
servlet-api compatible with Eclipse.
[0:7.0.23-4]
- Move jsvc support to subpackage
[0:7.0.23-2]
- Add EntityResolver setter patch to jasper for jetty's need. (patch sent upstream).
[0:7.0.23-3]
- Added support to /usr/sbin/tomcat-sysd and /usr/sbin/tomcat for
starting tomcat with jsvc, which allows tomcat to perform some
privileged operations (e.g. bind to a port < 1024) and then switch
identity to a non-privileged user. Must add USE_JSVC='true' to
/etc/tomcat/tomcat.conf or /etc/sysconfig/tomcat.
[0:7.0.23-1]
- Updated to 7.0.23
[0:7.0.22-2]
- Move tomcat-juli.jar to lib package
- Drop %update_maven_depmap as in tomcat6
- Provide native systemd unit file ported from tomcat6
[0:7.0.22-1]
- Updated to 7.0.22
[0:7.0.21-3.1]
- rebuild (java), rel-eng#4932
[0:7.0.21-3]
- Fix basedir mode
[0:7.0.21-2]
- Add manifests for el-api, jasper-el, jasper, tomcat, and tomcat-juli.
[0:7.0.21-1]
- Updated to 7.0.21
[0:7.0.20-3]
- Require java = 1:1.6.0
[0:7.0.20-2]
- Require java < 1.7.0
[0:7.0.20-1]
- Updated to 7.0.20
[0:7.0.19-1]
- Updated to 7.0.19
[0:7.0.16-1]
- Updated to 7.0.16
[0:7.0.14-3]
- Added initial systemd service
- Fix some paths
[0:7.0.14-2]
- Fixed http source link
- Securify some permissions
- Added licenses for el-api and servlet-api
- Added dependency on jpackage-utils for the javadoc subpackage
[0:7.0.14-1]
- Updated to 7.0.14
[0:7.0.12-4]
- Provided local paths for libs
- Fixed dependencies
- Fixed update temp/work cleanup
[0:7.0.12-3]
- Fixed package groups
- Fixed some permissions
- Fixed some links
- Removed old tomcat6 crap
[0:7.0.12-2]
- Package now named just tomcat instead of tomcat7
- Removed Provides: tomcat-log4j
- Switched to apache-commons-* names instead of jakarta-commons-* .
- Remove the old changelog
- BR/R java >= 1:1.6.0 , same for java-devel
- Removed old tomcat6 crap
[0:7.0.12-1]
- Tomcat7
CVE-2016-0762
CVE-2016-5018
CVE-2016-6796
CVE-2016-6794
CVE-2016-6797
Release/Architecture | Filename | sha256 | Superseded By Advisory | Channel Label |
Oracle Linux 7 (aarch64) | tomcat-7.0.76-2.el7.src.rpm | 10a34489430439c4acc6f1e017b3f3c290bf30cc733007776ce5921a8dea77aa | ELSA-2020-5020 | ol7_aarch64_latest |
tomcat-7.0.76-2.el7.src.rpm | 10a34489430439c4acc6f1e017b3f3c290bf30cc733007776ce5921a8dea77aa | ELSA-2020-5020 | ol7_aarch64_optional_latest | |
tomcat-7.0.76-2.el7.noarch.rpm | 87e2f915a06668744db92a3b2d8a66c4ab9c7476314bf53e200c8edf25dd3739 | ELSA-2020-5020 | ol7_aarch64_latest | |
tomcat-admin-webapps-7.0.76-2.el7.noarch.rpm | 148483a21bfb24025db4372dd53c2e6e5aa120eafdfa6dce5727e6afb35aa9d3 | ELSA-2020-5020 | ol7_aarch64_latest | |
tomcat-docs-webapp-7.0.76-2.el7.noarch.rpm | 605a4ed358779e82a742b2bd2a1b73f8a113d1eb36f598c1303b42db0e93d555 | ELSA-2020-5020 | ol7_aarch64_optional_latest | |
tomcat-el-2.2-api-7.0.76-2.el7.noarch.rpm | 88d503d938372f5fd7ec40da3d4f886ff568d5ec0c8d06a0f1af3a2270e13d39 | ELSA-2020-5020 | ol7_aarch64_latest | |
tomcat-javadoc-7.0.76-2.el7.noarch.rpm | afda8f8abae0d7966935758628e0444f9791356f3caa44ba4661c05ce07849be | ELSA-2020-5020 | ol7_aarch64_optional_latest | |
tomcat-jsp-2.2-api-7.0.76-2.el7.noarch.rpm | 315b130e12f6c6f43fd0375af75d1ef8474a8666b346eb7f939d9ea6a445c302 | ELSA-2020-5020 | ol7_aarch64_latest | |
tomcat-jsvc-7.0.76-2.el7.noarch.rpm | a4a829b761892dc6055c70c0d8c3814bc8ead47d145ef997214086d636bbbda7 | ELSA-2020-5020 | ol7_aarch64_optional_latest | |
tomcat-lib-7.0.76-2.el7.noarch.rpm | c453de04fb84d887ffe8fff5793b89a41d5c19292699607e8cbb63810f8f19c9 | ELSA-2020-5020 | ol7_aarch64_latest | |
tomcat-servlet-3.0-api-7.0.76-2.el7.noarch.rpm | c65ef920c2ebda39b42814faab706c33bf8529232a2e06a94a93e626a67fa914 | ELSA-2020-5020 | ol7_aarch64_latest | |
tomcat-webapps-7.0.76-2.el7.noarch.rpm | ce49c130aa3a1745d80eba0ee24e5afdf62b451b615c00cd9724a881a9ea855e | ELSA-2020-5020 | ol7_aarch64_latest | |
Oracle Linux 7 (x86_64) | tomcat-7.0.76-2.el7.src.rpm | 10a34489430439c4acc6f1e017b3f3c290bf30cc733007776ce5921a8dea77aa | ELSA-2020-5020 | ol7_x86_64_latest_archive |
tomcat-7.0.76-2.el7.src.rpm | 10a34489430439c4acc6f1e017b3f3c290bf30cc733007776ce5921a8dea77aa | ELSA-2020-5020 | ol7_x86_64_optional_archive | |
tomcat-7.0.76-2.el7.src.rpm | 10a34489430439c4acc6f1e017b3f3c290bf30cc733007776ce5921a8dea77aa | ELSA-2020-5020 | ol7_x86_64_u4_base | |
tomcat-7.0.76-2.el7.noarch.rpm | 87e2f915a06668744db92a3b2d8a66c4ab9c7476314bf53e200c8edf25dd3739 | ELSA-2020-5020 | ol7_x86_64_latest_archive | |
tomcat-7.0.76-2.el7.noarch.rpm | 87e2f915a06668744db92a3b2d8a66c4ab9c7476314bf53e200c8edf25dd3739 | ELSA-2020-5020 | ol7_x86_64_u4_base | |
tomcat-admin-webapps-7.0.76-2.el7.noarch.rpm | 148483a21bfb24025db4372dd53c2e6e5aa120eafdfa6dce5727e6afb35aa9d3 | ELSA-2020-5020 | ol7_x86_64_latest_archive | |
tomcat-admin-webapps-7.0.76-2.el7.noarch.rpm | 148483a21bfb24025db4372dd53c2e6e5aa120eafdfa6dce5727e6afb35aa9d3 | ELSA-2020-5020 | ol7_x86_64_u4_base | |
tomcat-docs-webapp-7.0.76-2.el7.noarch.rpm | 605a4ed358779e82a742b2bd2a1b73f8a113d1eb36f598c1303b42db0e93d555 | ELSA-2020-5020 | ol7_x86_64_optional_archive | |
tomcat-el-2.2-api-7.0.76-2.el7.noarch.rpm | 88d503d938372f5fd7ec40da3d4f886ff568d5ec0c8d06a0f1af3a2270e13d39 | ELSA-2020-5020 | ol7_x86_64_latest_archive | |
tomcat-el-2.2-api-7.0.76-2.el7.noarch.rpm | 88d503d938372f5fd7ec40da3d4f886ff568d5ec0c8d06a0f1af3a2270e13d39 | ELSA-2020-5020 | ol7_x86_64_u4_base | |
tomcat-javadoc-7.0.76-2.el7.noarch.rpm | afda8f8abae0d7966935758628e0444f9791356f3caa44ba4661c05ce07849be | ELSA-2020-5020 | ol7_x86_64_optional_archive | |
tomcat-jsp-2.2-api-7.0.76-2.el7.noarch.rpm | 315b130e12f6c6f43fd0375af75d1ef8474a8666b346eb7f939d9ea6a445c302 | ELSA-2020-5020 | ol7_x86_64_latest_archive | |
tomcat-jsp-2.2-api-7.0.76-2.el7.noarch.rpm | 315b130e12f6c6f43fd0375af75d1ef8474a8666b346eb7f939d9ea6a445c302 | ELSA-2020-5020 | ol7_x86_64_u4_base | |
tomcat-jsvc-7.0.76-2.el7.noarch.rpm | a4a829b761892dc6055c70c0d8c3814bc8ead47d145ef997214086d636bbbda7 | ELSA-2020-5020 | ol7_x86_64_optional_archive | |
tomcat-lib-7.0.76-2.el7.noarch.rpm | c453de04fb84d887ffe8fff5793b89a41d5c19292699607e8cbb63810f8f19c9 | ELSA-2020-5020 | ol7_x86_64_latest_archive | |
tomcat-lib-7.0.76-2.el7.noarch.rpm | c453de04fb84d887ffe8fff5793b89a41d5c19292699607e8cbb63810f8f19c9 | ELSA-2020-5020 | ol7_x86_64_u4_base | |
tomcat-servlet-3.0-api-7.0.76-2.el7.noarch.rpm | c65ef920c2ebda39b42814faab706c33bf8529232a2e06a94a93e626a67fa914 | ELSA-2020-5020 | ol7_x86_64_latest_archive | |
tomcat-servlet-3.0-api-7.0.76-2.el7.noarch.rpm | c65ef920c2ebda39b42814faab706c33bf8529232a2e06a94a93e626a67fa914 | ELSA-2020-5020 | ol7_x86_64_u4_base | |
tomcat-webapps-7.0.76-2.el7.noarch.rpm | ce49c130aa3a1745d80eba0ee24e5afdf62b451b615c00cd9724a881a9ea855e | ELSA-2020-5020 | ol7_x86_64_latest_archive | |
tomcat-webapps-7.0.76-2.el7.noarch.rpm | ce49c130aa3a1745d80eba0ee24e5afdf62b451b615c00cd9724a881a9ea855e | ELSA-2020-5020 | ol7_x86_64_u4_base |
This page is generated automatically and has not been checked for errors or omissions. For clarification or corrections please contact the Oracle Linux ULN team