Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 454
Alerts This Week
Warning Icon 1 454

openSUSE: 2017:1292-1 Important: tomcat Information Disclosure

opensuse
Calendar Grey May 15, 2017
Dist Opensuse Esm H88
Patch release for tomcat in openSUSE tackles serious vulnerabilities and improves defenses against potential attacks.
An update that fixes three vulnerabilities is now available

Description

This update for tomcat fixes the following issues:

- CVE-2017-5647 Pipelined requests could lead to information disclosure

(bsc#1033448)

- CVE-2017-5648 Untrusted application could retain listener leading to

information disclosure (bsc#1033447)

- CVE-2016-8745 shared Processor on Connector code could lead to

information disclosure (bsc#1015119)

This update was imported from the SUSE:SLE-12-SP1:Update and

SUSE:SLE-12-SP2:Update update projects.

Patch

Patch Instructions:

To install this openSUSE Security Update use YaST online_update.

Alternatively you can run the command listed for your product:

- openSUSE Leap 42.2:

zypper in -t patch openSUSE-2017-586=1

- openSUSE Leap 42.1:

zypper in -t patch openSUSE-2017-586=1

To bring your system up-to-date, use "zypper patch".

Package List

- openSUSE Leap 42.2 (noarch):

tomcat-8.0.43-6.7.1

tomcat-admin-webapps-8.0.43-6.7.1

tomcat-docs-webapp-8.0.43-6.7.1

tomcat-el-3_0-api-8.0.43-6.7.1

tomcat-embed-8.0.43-6.7.1

tomcat-javadoc-8.0.43-6.7.1

tomcat-jsp-2_3-api-8.0.43-6.7.1

tomcat-jsvc-8.0.43-6.7.1

tomcat-lib-8.0.43-6.7.1

tomcat-servlet-3_1-api-8.0.43-6.7.1

tomcat-webapps-8.0.43-6.7.1

- openSUSE Leap 42.1 (noarch):

tomcat-8.0.43-17.1

tomcat-admin-webapps-8.0.43-17.1

tomcat-docs-webapp-8.0.43-17.1

tomcat-el-3_0-api-8.0.43-17.1

tomcat-embed-8.0.43-17.1

tomcat-javadoc-8.0.43-17.1

tomcat-jsp-2_3-api-8.0.43-17.1

tomcat-jsvc-8.0.43-17.1

tomcat-lib-8.0.43-17.1

tomcat-servlet-3_1-api-8.0.43-17.1

tomcat-webapps-8.0.43-17.1

References

https://www.suse.com/security/cve/CVE-2016-8745.html

https://www.suse.com/security/cve/CVE-2017-5647.html

https://www.suse.com/security/cve/CVE-2017-5648.html

https://bugzilla.suse.com/1015119

https://bugzilla.suse.com/1033447

https://bugzilla.suse.com/1033448

Severity
important
Lowest
Low
Medium
High
Critical

Announcement ID: openSUSE-SU-2017:1292-1
Rating: important
Affected Products: openSUSE Leap 42.2 openSUSE Leap 42.1 .

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.