Synopsis: Important: tomcat security and bug fix update Advisory ID: SLSA-2020:4004-1 Issue Date: 2020-10-01 CVE Numbers: CVE-2019-17563 CVE-2020-13935 -- Security Fix(es): * tomcat: multiple requests with invalid payload length in a WebSocket frame could lead to DoS (CVE-2020-13935) * tomcat: session fixation when using FORM authentication (CVE-2019-17563) -- SL7 x86_64 tomcat-webapps-7.0.76-15.el7.noarch.rpm tomcat-7.0.76-15.el7.noarch.rpm tomcat-admin-webapps-7.0.76-15.el7.noarch.rpm tomcat-jsp-2.2-api-7.0.76-15.el7.noarch.rpm tomcat-lib-7.0.76-15.el7.noarch.rpm tomcat-servlet-3.0-api-7.0.76-15.el7.noarch.rpm tomcat-el-2.2-api-7.0.76-15.el7.noarch.rpm noarch tomcat-servlet-3.0-api-7.0.76-15.el7.noarch.rpm tomcat-7.0.76-15.el7.noarch.rpm tomcat-admin-webapps-7.0.76-15.el7.noarch.rpm tomcat-docs-webapp-7.0.76-15.el7.noarch.rpm tomcat-el-2.2-api-7.0.76-15.el7.noarch.rpm tomcat-javadoc-7.0.76-15.el7.noarch.rpm tomcat-jsp-2.2-api-7.0.76-15.el7.noarch.rpm tomcat-jsvc-7.0.76-15.el7.noarch.rpm tomcat-lib-7.0.76-15.el7.noarch.rpm tomcat-webapps-7.0.76-15.el7.noarch.rpm - Scientific Linux Development Team