Synopsis: Moderate: tomcat6 security and bug fix update Advisory ID: SLSA-2016:0492-1 Issue Date: 2016-03-23 CVE Numbers: CVE-2014-7810 -- It was found that the expression language resolver evaluated expressions within a privileged code section. A malicious web application could use this flaw to bypass security manager protections. (CVE-2014-7810) This update also fixes the following bug: * Previously, using a New I/O (NIO) connector in the Apache Tomcat 6 servlet resulted in a large memory leak. An upstream patch has been applied to fix this bug, and the memory leak no longer occurs. Tomcat must be restarted for this update to take effect. -- SL6 x86_64 tomcat6-6.0.24-94.el6_7.x86_64.rpm tomcat6-admin-webapps-6.0.24-94.el6_7.x86_64.rpm tomcat6-debuginfo-6.0.24-94.el6_7.x86_64.rpm tomcat6-docs-webapp-6.0.24-94.el6_7.x86_64.rpm tomcat6-el-2.1-api-6.0.24-94.el6_7.x86_64.rpm tomcat6-javadoc-6.0.24-94.el6_7.x86_64.rpm tomcat6-jsp-2.1-api-6.0.24-94.el6_7.x86_64.rpm tomcat6-lib-6.0.24-94.el6_7.x86_64.rpm tomcat6-servlet-2.5-api-6.0.24-94.el6_7.x86_64.rpm tomcat6-webapps-6.0.24-94.el6_7.x86_64.rpm i386 tomcat6-6.0.24-94.el6_7.i686.rpm tomcat6-admin-webapps-6.0.24-94.el6_7.i686.rpm tomcat6-debuginfo-6.0.24-94.el6_7.i686.rpm tomcat6-docs-webapp-6.0.24-94.el6_7.i686.rpm tomcat6-el-2.1-api-6.0.24-94.el6_7.i686.rpm tomcat6-javadoc-6.0.24-94.el6_7.i686.rpm tomcat6-jsp-2.1-api-6.0.24-94.el6_7.i686.rpm tomcat6-lib-6.0.24-94.el6_7.i686.rpm tomcat6-servlet-2.5-api-6.0.24-94.el6_7.i686.rpm tomcat6-webapps-6.0.24-94.el6_7.i686.rpm - Scientific Linux Development Team