LISTSERV - SCIENTIFIC-LINUX-ERRATA Archives

Synopsis:          Important: tomcat security and bug fix update
Advisory ID:       SLSA-2020:4004-1
Issue Date:        2020-10-01
CVE Numbers:       CVE-2019-17563
                   CVE-2020-13935
--

Security Fix(es):

* tomcat: multiple requests with invalid payload length in a WebSocket
frame could lead to DoS (CVE-2020-13935)

* tomcat: session fixation when using FORM authentication (CVE-2019-17563)
--

SL7
  x86_64
    tomcat-webapps-7.0.76-15.el7.noarch.rpm
    tomcat-7.0.76-15.el7.noarch.rpm
    tomcat-admin-webapps-7.0.76-15.el7.noarch.rpm
    tomcat-jsp-2.2-api-7.0.76-15.el7.noarch.rpm
    tomcat-lib-7.0.76-15.el7.noarch.rpm
    tomcat-servlet-3.0-api-7.0.76-15.el7.noarch.rpm
    tomcat-el-2.2-api-7.0.76-15.el7.noarch.rpm
  noarch
    tomcat-servlet-3.0-api-7.0.76-15.el7.noarch.rpm
    tomcat-7.0.76-15.el7.noarch.rpm
    tomcat-admin-webapps-7.0.76-15.el7.noarch.rpm
    tomcat-docs-webapp-7.0.76-15.el7.noarch.rpm
    tomcat-el-2.2-api-7.0.76-15.el7.noarch.rpm
    tomcat-javadoc-7.0.76-15.el7.noarch.rpm
    tomcat-jsp-2.2-api-7.0.76-15.el7.noarch.rpm
    tomcat-jsvc-7.0.76-15.el7.noarch.rpm
    tomcat-lib-7.0.76-15.el7.noarch.rpm
    tomcat-webapps-7.0.76-15.el7.noarch.rpm

- Scientific Linux Development Team