[El-errata] ELSA-2017-1809 Important: Oracle Linux 7 tomcat security update

Errata Announcements for Oracle Linux el-errata at oss.oracle.com
Thu Jul 27 22:22:18 PDT 2017


Oracle Linux Security Advisory ELSA-2017-1809

http://linux.oracle.com/errata/ELSA-2017-1809.html

The following updated rpms for Oracle Linux 7 have been uploaded to the 
Unbreakable Linux Network:

x86_64:
tomcat-7.0.69-12.el7_3.noarch.rpm
tomcat-admin-webapps-7.0.69-12.el7_3.noarch.rpm
tomcat-docs-webapp-7.0.69-12.el7_3.noarch.rpm
tomcat-el-2.2-api-7.0.69-12.el7_3.noarch.rpm
tomcat-javadoc-7.0.69-12.el7_3.noarch.rpm
tomcat-jsp-2.2-api-7.0.69-12.el7_3.noarch.rpm
tomcat-jsvc-7.0.69-12.el7_3.noarch.rpm
tomcat-lib-7.0.69-12.el7_3.noarch.rpm
tomcat-servlet-3.0-api-7.0.69-12.el7_3.noarch.rpm
tomcat-webapps-7.0.69-12.el7_3.noarch.rpm


SRPMS:
http://oss.oracle.com/ol7/SRPMS-updates/tomcat-7.0.69-12.el7_3.src.rpm



Description of changes:

[0:7.0.69-12]
- Resolves: rhbz#1441487 CVE-2017-5648 tomcat: Calls to application 
listeners did not use the appropriate facade object
- Resolves: rhbz#1441480 CVE-2017-5647 tomcat: Incorrect handling of 
pipelined requests when send file was used
- Resolves: rhbz#1459746 CVE-2017-5664 tomcat: Security constrained 
bypass in error page mechanism





More information about the El-errata mailing list