Fedora 31: tomcat FEDORA-2020-04ac174fa9

    Date 02 Apr 2020
    Posted By LinuxSecurity Advisories
    --------------------------------------------------------------------------------
    Fedora Update Notification
    FEDORA-2020-04ac174fa9
    2020-04-02 09:54:13.701405
    --------------------------------------------------------------------------------
    
    Name        : tomcat
    Product     : Fedora 31
    Version     : 9.0.31
    Release     : 2.fc31
    URL         : https://tomcat.apache.org/
    Summary     : Apache Servlet/JSP Engine, RI for Servlet 4.0/JSP 2.3 API
    Description :
    Tomcat is the servlet container that is used in the official Reference
    Implementation for the Java Servlet and JavaServer Pages technologies.
    The Java Servlet and JavaServer Pages specifications are developed by
    Sun under the Java Community Process.
    
    Tomcat is developed in an open and participatory environment and
    released under the Apache Software License version 2.0. Tomcat is intended
    to be a collaboration of the best-of-breed developers from around the world.
    
    --------------------------------------------------------------------------------
    Update Information:
    
    This update includes a rebase from 9.0.30 up to 9.0.31 which resolves one CVE
    along with various other bugs/features:

    * rhbz#1806805 CVE-2020-1938 tomcat: Apache Tomcat AJP File Read/Inclusion
      Vulnerability
    * rhbz#1801729 tomcat-9.0.31 is available

    **WARNING** - This update does *not* enforce the change in defaults for the
    AJP Connector like the upstream fix does. This is done to prevent breakage of
    current installations, but it is highly advised to review your AJP Connector
    configuration to ensure that it is only accessible by your proxy! For more
    information see the
    [Tomcat Security Page](https://tomcat.apache.org/security-9.html#Fixed_in_Apache_Tomcat_9.0.31)
    and the
    [Tomcat Security Considerations Document](https://tomcat.apache.org/tomcat-9.0-doc/security-howto.html#Connectors).
    --------------------------------------------------------------------------------
    ChangeLog:
    
    * Thu Mar 12 2020 Coty Sutherland  - 1:9.0.31-2
    - Related: rhbz#1806398 Undo changes in defaults for AJP connector (CVE-2020-1938) to prevent breakage, please update your configuration accordingly
    * Thu Mar  5 2020 Coty Sutherland  - 1:9.0.31-1
    - Update to 9.0.31
    - Resolves: rhbz#1806398 - CVE-2020-1938 tomcat: Apache Tomcat AJP File Read/Inclusion Vulnerability
    --------------------------------------------------------------------------------
    
    This update can be installed with the "dnf" update program. Use
    su -c 'dnf upgrade --advisory FEDORA-2020-04ac174fa9' at the command
    line. For more information, refer to the dnf documentation available at
    https://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
    
    All packages are signed with the Fedora Project GPG key. More details on the
    GPG keys used by the Fedora Project can be found at
    https://fedoraproject.org/keys
    --------------------------------------------------------------------------------