[El-errata] ELSA-2016-2045 Important: Oracle Linux 6 tomcat6 security and bug fix update
Errata Announcements for Oracle Linux
el-errata at oss.oracle.com
Mon Oct 10 22:20:00 PDT 2016
Oracle Linux Security Advisory ELSA-2016-2045
http://linux.oracle.com/errata/ELSA-2016-2045.html
The following updated rpms for Oracle Linux 6 have been uploaded to the
Unbreakable Linux Network:
i386:
tomcat6-6.0.24-98.el6_8.noarch.rpm
tomcat6-admin-webapps-6.0.24-98.el6_8.noarch.rpm
tomcat6-docs-webapp-6.0.24-98.el6_8.noarch.rpm
tomcat6-el-2.1-api-6.0.24-98.el6_8.noarch.rpm
tomcat6-javadoc-6.0.24-98.el6_8.noarch.rpm
tomcat6-jsp-2.1-api-6.0.24-98.el6_8.noarch.rpm
tomcat6-lib-6.0.24-98.el6_8.noarch.rpm
tomcat6-servlet-2.5-api-6.0.24-98.el6_8.noarch.rpm
tomcat6-webapps-6.0.24-98.el6_8.noarch.rpm
x86_64:
tomcat6-6.0.24-98.el6_8.noarch.rpm
tomcat6-admin-webapps-6.0.24-98.el6_8.noarch.rpm
tomcat6-docs-webapp-6.0.24-98.el6_8.noarch.rpm
tomcat6-el-2.1-api-6.0.24-98.el6_8.noarch.rpm
tomcat6-javadoc-6.0.24-98.el6_8.noarch.rpm
tomcat6-jsp-2.1-api-6.0.24-98.el6_8.noarch.rpm
tomcat6-lib-6.0.24-98.el6_8.noarch.rpm
tomcat6-servlet-2.5-api-6.0.24-98.el6_8.noarch.rpm
tomcat6-webapps-6.0.24-98.el6_8.noarch.rpm
SRPMS:
http://oss.oracle.com/ol6/SRPMS-updates/tomcat6-6.0.24-98.el6_8.src.rpm
Description of changes:
[0:6.0.24-98]
- Resolves: rhbz#1362210 CVE-2016-5388 Tomcat: CGI sets environmental
variable based on user supplied Proxy request header
- Resolves: rhbz#1368119
[0:6.0.24-97]
- Resolves: rhbz#1367051 CVE-2015-5174 URL Normalization issue
- Resolves: rhbz#1367054 CVE-2016-0706 Security Manager bypass via
StatusManagerServlet
- Resolves: rhbz#1367058 CVE-2016-0714 Security Manager bypass via
persistence mechanisms
- Resolves: rhbz#1367054 CVE-2015-5345 Directory disclosure
[0:6.0.24-96]
- Resolves: rhbz#1357123 rpm -V tomcat6 fails due on
/var/log/tomcat6/catalina.out
More information about the El-errata
mailing list