Print

Print


Synopsis:          Important: tomcat security update
Advisory ID:       SLSA-2017:1809-1
Issue Date:        2017-07-27
CVE Numbers:       CVE-2017-5648
                   CVE-2017-5664
--

Security Fix(es):

* A vulnerability was discovered in the error page mechanism in Tomcat's
DefaultServlet implementation. A crafted HTTP request could cause
undesired side effects, possibly including the removal or replacement of
the custom error page. (CVE-2017-5664)

* A vulnerability was discovered in Tomcat. When running an untrusted
application under a SecurityManager it was possible, under some
circumstances, for that application to retain references to the request or
response objects and thereby access and/or modify information associated
with another web application. (CVE-2017-5648)
--

SL7
  noarch
    tomcat-servlet-3.0-api-7.0.69-12.el7_3.noarch.rpm
    tomcat-7.0.69-12.el7_3.noarch.rpm
    tomcat-admin-webapps-7.0.69-12.el7_3.noarch.rpm
    tomcat-docs-webapp-7.0.69-12.el7_3.noarch.rpm
    tomcat-el-2.2-api-7.0.69-12.el7_3.noarch.rpm
    tomcat-javadoc-7.0.69-12.el7_3.noarch.rpm
    tomcat-jsp-2.2-api-7.0.69-12.el7_3.noarch.rpm
    tomcat-jsvc-7.0.69-12.el7_3.noarch.rpm
    tomcat-lib-7.0.69-12.el7_3.noarch.rpm
    tomcat-webapps-7.0.69-12.el7_3.noarch.rpm

- Scientific Linux Development Team