SUSE:SLE-12-SP4:Update
File _patchinfo of Package patchinfo.3377
<patchinfo incident="3377">
  <issue id="974407" tracker="bnc">tomcat upstream bug 58999 StringIndexOutOfBoundsException WebAppClassLoaderBase.filter()</issue>
  <issue id="1002639" tracker="bnc">Tomcat Lacks "setenv.sh" Implementation</issue>
  <issue id="1004728" tracker="bnc">Tomcat-apache Servlet and JSP Examples application cannot be accessed</issue>
  <issue id="1010893" tracker="bnc"> [TRACKERBUG] FATE#321029 [ECO] Update jakarta-commons-dbcp to 2.0</issue>
  <issue id="321029" tracker="fate"> [TRACKERBUG] FATE#321029 [ECO] Update jakarta-commons-dbcp to 2.0</issue>
  <issue id="1007854" tracker="bnc">VUL-1: CVE-2016-0762: tomcat: Realm Timing Attack</issue>
  <issue id="1007855" tracker="bnc">VUL-1: CVE-2016-5018: tomcat: Security Manager Bypass</issue>
  <issue id="1007857" tracker="bnc">VUL-0: CVE-2016-6794: tomcat: System Property Disclosure</issue>
  <issue id="1007858" tracker="bnc">VUL-1: CVE-2016-6796: tomcat: Security Manager Bypass</issue>
  <issue id="1007853" tracker="bnc">VUL-1: CVE-2016-6797: tomcat: Unrestricted Access to Global Resources</issue>
  <issue id="1011805" tracker="bnc">VUL-0: CVE-2016-8735: tomcat: Remote code execution vulnerability in JmxRemoteLifecycleListener</issue>
  <issue id="1011812" tracker="bnc">VUL-0: CVE-2016-6816: tomcat: HTTP Request smuggling vulnerability due to permitting invalid character in HTTP requests</issue>
  <issue id="2016-0762" tracker="cve" />
  <issue id="2016-5018" tracker="cve" />
  <issue id="2016-6794" tracker="cve" />
  <issue id="2016-6796" tracker="cve" />
  <issue id="2016-6797" tracker="cve" />
  <issue id="2016-8735" tracker="cve" />
  <issue id="2016-6816" tracker="cve" />
  <category>security</category>
  <rating>important</rating>
  <packager>mateialbu</packager>
  <description>
This update for Tomcat provides the following fixes:

Feature changes:

The embedded Apache Commons DBCP component was updated to version 2.0.
(bsc#1010893 fate#321029)

Security fixes:

- CVE-2016-0762: Realm Timing Attack (bsc#1007854)
- CVE-2016-5018: Security Manager Bypass (bsc#1007855)
- CVE-2016-6794: System Property Disclosure (bsc#1007857)
- CVE-2016-6796: Manager Bypass (bsc#1007858)
- CVE-2016-6797: Unrestricted Access to Global Resources (bsc#1007853)
- CVE-2016-8735: Remote code execution vulnerability in JmxRemoteLifecycleListener (bsc#1011805)
- CVE-2016-6816: HTTP Request smuggling vulnerability due to permitting invalid character in HTTP requests (bsc#1011812)

Bugs fixed:

- Fixed StringIndexOutOfBoundsException in WebAppClassLoaderBase.filter(). (bsc#974407)
- Fixed a deployment error in the examples webapp by changing the context.xml format to the new one introduced by Tomcat 8. (bsc#1004728)
- Enabled optional setenv.sh script. See section '(3.4) Using the "setenv" script' in http://tomcat.apache.org/tomcat-8.0-doc/RUNNING.txt. (bsc#1002639)
- Fixed regression caused by CVE-2016-6816.
  </description>
  <summary>Security update for tomcat</summary>
</patchinfo>