
SUSE: 2017:1660-1 Important: Tomcat Multiple Security Fixes

June 23, 2017
Important announcement for SUSE users: resolves various vulnerabilities in Tomcat and boosts overall security measures. Take action immediately!
An update that fixes 12 vulnerabilities is now available

Summary

Tomcat was updated to version 7.0.78, fixing various bugs and security issues. For full details see https://tomcat.apache.org/tomcat-7.0-doc/changelog.html

Security issues fixed:

- CVE-2016-0762: A realm timing attack in tomcat was fixed which could disclose existence of users (bsc#1007854)
- CVE-2016-3092: Usage of vulnerable FileUpload package could have resulted in denial of service (bsc#986359)
- CVE-2016-5018: A security manager bypass via a Tomcat utility method that was accessible to web applications was fixed. (bsc#1007855)
- CVE-2016-5388: Setting HTTP_PROXY environment variable via Proxy header (bsc#988489)
- CVE-2016-6794: A tomcat system property disclosure was fixed. (bsc#1007857)
- CVE-2016-6796: A tomcat security manager bypass via manipulation of the

References

#1007853 #1007854 #1007855 #1007857 #1007858 #1011805 #1011812 #1015119 #1033447 #1033448 #986359 #988489

Cross-References: CVE-2016-0762 CVE-2016-3092 CVE-2016-5018 CVE-2016-5388 CVE-2016-6794 CVE-2016-6796 CVE-2016-6797 CVE-2016-6816 CVE-2016-8735 CVE-2016-8745 CVE-2017-5647 CVE-2017-5648

Affected Products:

SUSE Linux Enterprise Server for SAP 12

SUSE Linux Enterprise Server 12-LTSS

https://www.suse.com/security/cve/CVE-2016-0762.html

https://www.suse.com/security/cve/CVE-2016-3092.html

https://www.suse.com/security/cve/CVE-2016-5018.html

https://www.suse.com/security/cve/CVE-2016-5388.html

https://www.suse.com/security/cve/CVE-2016-6794.html

https://www.suse.com/security/cve/CVE-2016-6796.html

Severity
important

Announcement ID: SUSE-SU-2017:1660-1
Rating: important
