File _patchinfo of Package patchinfo.6040

<patchinfo incident="6040">
  <issue id="1053352" tracker="bnc">VUL-0: CVE-2017-7674: tomcat: The CORS Filter issue could lead to client and server side cache poisoning</issue>
  <issue id="1059554" tracker="bnc">VUL-0: CVE-2017-12615, CVE-2017-12617: tomcat: Remote Code Execution via JSP Upload</issue>
  <issue id="977410" tracker="bnc">Tomcat-apache : The command tomcat-digest doesn't work</issue>
  <issue id="1042910" tracker="bnc">VUL-0: CVE-2017-5664: tomcat,tomcat6: Security constrained bypass in error page mechanism</issue>
  <issue id="1059551" tracker="bnc">VUL-0: CVE-2017-12616: tomcat: Information Disclosure when using VirtualDirContext</issue>
  <issue id="2017-7674" tracker="cve" />
  <issue id="2017-5664" tracker="cve" />
  <issue id="2017-12615" tracker="cve" />
  <issue id="2017-12616" tracker="cve" />
  <issue id="2017-12617" tracker="cve" />
  <category>security</category>
  <rating>important</rating>
  <packager>malbu</packager>
  <description>

Apache Tomcat was updated to 7.0.82 adding features, fixing bugs and security issues.

This is another bugfix release, for full details see:

    https://tomcat.apache.org/tomcat-7.0-doc/changelog.html

Fixed security issues:

- CVE-2017-5664: A problem in handling error pages was fixed, to avoid potential file overwrites during error page handling. (bsc#1042910).
- CVE-2017-7674: A CORS Filter issue could lead to client and server side cache poisoning (bsc#1053352)
- CVE-2017-12617: A remote code execution possibility via JSP Upload was fixed (bsc#1059554)
- CVE-2017-12616: An information disclosure when using VirtualDirContext was fixed (bsc#1059551)
- CVE-2017-12615: A Remote Code Execution via JSP Upload was fixed (bsc#1059554)

Non-security issues fixed:

- Fix tomcat-digest classpath error (bsc#977410) 
</description>
  <summary>Security update for tomcat</summary>
</patchinfo>