Synopsis: Important: tomcat security update Advisory ID: SLSA-2017:1809-1 Issue Date: 2017-07-27 CVE Numbers: CVE-2017-5648 CVE-2017-5664 -- Security Fix(es): * A vulnerability was discovered in the error page mechanism in Tomcat's DefaultServlet implementation. A crafted HTTP request could cause undesired side effects, possibly including the removal or replacement of the custom error page. (CVE-2017-5664) * A vulnerability was discovered in Tomcat. When running an untrusted application under a SecurityManager it was possible, under some circumstances, for that application to retain references to the request or response objects and thereby access and/or modify information associated with another web application. (CVE-2017-5648) -- SL7 noarch tomcat-servlet-3.0-api-7.0.69-12.el7_3.noarch.rpm tomcat-7.0.69-12.el7_3.noarch.rpm tomcat-admin-webapps-7.0.69-12.el7_3.noarch.rpm tomcat-docs-webapp-7.0.69-12.el7_3.noarch.rpm tomcat-el-2.2-api-7.0.69-12.el7_3.noarch.rpm tomcat-javadoc-7.0.69-12.el7_3.noarch.rpm tomcat-jsp-2.2-api-7.0.69-12.el7_3.noarch.rpm tomcat-jsvc-7.0.69-12.el7_3.noarch.rpm tomcat-lib-7.0.69-12.el7_3.noarch.rpm tomcat-webapps-7.0.69-12.el7_3.noarch.rpm - Scientific Linux Development Team