
openSUSE 42.2/42.3 Security Advisory: Important Tomcat Issues

November 24, 2017
An update that solves three vulnerabilities and has two fixes is now...

Description

This update for tomcat fixes the following issues:

Security issues fixed:

- CVE-2017-5664: A problem in handling error pages was fixed, to avoid potential file overwrites during error page handling (bsc#1042910)

- CVE-2017-7674: A CORS Filter issue could lead to client and server side cache poisoning (bsc#1053352)

- CVE-2017-12617: A remote code execution possibility via JSP Upload was fixed (bsc#1059554)

Non security bugs fixed:

- Fix tomcat-digest classpath error (bsc#977410)

- Fix packaged /etc/alternatives symlinks for api libs that caused rpm -V to report link mismatch (bsc#1019016)

This update was imported from the SUSE:SLE-12-SP2:Update update project.

Patch

Patch Instructions:

To install this openSUSE Security Update use YaST online_update.

Alternatively you can run the command listed for your product:

- openSUSE Leap 42.3:

zypper in -t patch openSUSE-2017-1299=1

- openSUSE Leap 42.2:

zypper in -t patch openSUSE-2017-1299=1

To bring your system up-to-date, use "zypper patch".

Package List

- openSUSE Leap 42.3 (noarch):

tomcat-8.0.43-9.1

tomcat-admin-webapps-8.0.43-9.1

tomcat-docs-webapp-8.0.43-9.1

tomcat-el-3_0-api-8.0.43-9.1

tomcat-embed-8.0.43-9.1

tomcat-javadoc-8.0.43-9.1

tomcat-jsp-2_3-api-8.0.43-9.1

tomcat-jsvc-8.0.43-9.1

tomcat-lib-8.0.43-9.1

tomcat-servlet-3_1-api-8.0.43-9.1

tomcat-webapps-8.0.43-9.1

- openSUSE Leap 42.2 (noarch):

tomcat-8.0.43-6.13.1

tomcat-admin-webapps-8.0.43-6.13.1

tomcat-docs-webapp-8.0.43-6.13.1

tomcat-el-3_0-api-8.0.43-6.13.1

tomcat-embed-8.0.43-6.13.1

tomcat-javadoc-8.0.43-6.13.1

tomcat-jsp-2_3-api-8.0.43-6.13.1

tomcat-jsvc-8.0.43-6.13.1

tomcat-lib-8.0.43-6.13.1

tomcat-servlet-3_1-api-8.0.43-6.13.1

tomcat-webapps-8.0.43-6.13.1
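
A post-update check, added here as an example (it is not part of the openSUSE advisory): it reads rpm query output and lists any tomcat package older than the fixed builds in the package list above. The function names, the sample input, and the use of GNU sort -V to approximate RPM version ordering are assumptions.

```shell
#!/bin/sh
# Added example: flag tomcat packages older than the fixed builds listed above.
# Fixed version-release per product, taken from the Package List.
FIXED_42_3="8.0.43-9.1"
FIXED_42_2="8.0.43-6.13.1"

# ver_lt A B: succeeds when A sorts strictly before B.
# Assumption: GNU sort -V is an adequate stand-in for RPM version ordering
# for purely numeric version-release strings such as these.
ver_lt() {
    [ "$1" != "$2" ] &&
    [ "$(printf '%s\n%s\n' "$1" "$2" | sort -V | head -n 1)" = "$1" ]
}

# outdated_tomcat FIXED: reads "name version-release" lines on stdin and
# prints the tomcat packages whose version-release is older than FIXED.
outdated_tomcat() {
    fixed=$1
    while read -r name vr; do
        case $name in
            tomcat|tomcat-*) ;;      # only packages from this update
            *) continue ;;
        esac
        if ver_lt "$vr" "$fixed"; then
            printf '%s %s\n' "$name" "$vr"
        fi
    done
}

# Constructed sample input (not real host output), in the format produced by:
#   rpm -qa --qf '%{NAME} %{VERSION}-%{RELEASE}\n' 'tomcat*'
SAMPLE='tomcat 8.0.43-9.1
tomcat-lib 8.0.36-1.1
tomcat-webapps 8.0.43-6.13.1
java-1_8_0-openjdk 1.8.0.144-1.1'

# Check the sample against the Leap 42.3 fixed build.
printf '%s\n' "$SAMPLE" | outdated_tomcat "$FIXED_42_3"
```

On a live host, pipe the rpm query shown in the comment into outdated_tomcat with the value for that product; empty output means every installed tomcat package is at or above the fixed build.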

References

https://www.suse.com/security/cve/CVE-2017-12617.html

https://www.suse.com/security/cve/CVE-2017-5664.html

https://www.suse.com/security/cve/CVE-2017-7674.html

https://bugzilla.suse.com/1019016

https://bugzilla.suse.com/1042910

https://bugzilla.suse.com/1053352

https://bugzilla.suse.com/1059554

https://bugzilla.suse.com/977410

Severity: important

Announcement ID: openSUSE-SU-2017:3069-1
Rating: important
Affected Products: openSUSE Leap 42.3 openSUSE Leap 42.2
