SUSE:SLE-12-SP4:GA
File _patchinfo of Package patchinfo.2901
<patchinfo incident="2901">
  <issue id="986359" tracker="bnc">VUL-0: CVE-2016-3092: tomcat6,tomcat5,tomcat: Usage of vulnerable FileUpload package can result in denial of service</issue>
  <issue id="988489" tracker="bnc">VUL-0: CVE-2016-5388: tomcat: Setting HTTP_PROXY environment variable via Proxy header (httpoxy)</issue>
  <issue id="1033447" tracker="bnc">VUL-0: CVE-2017-5648: tomcat: [SECURITY] CVE-2017-5648 Apache Tomcat Information Disclosure</issue>
  <issue id="1033448" tracker="bnc">VUL-0: CVE-2017-5647: tomcat: [SECURITY] CVE-2017-5647 Apache Tomcat Information Disclosure</issue>
  <issue id="1007854" tracker="bnc">VUL-1: CVE-2016-0762: tomcat: Realm Timing Attack</issue>
  <issue id="1007855" tracker="bnc">VUL-1: CVE-2016-5018: tomcat: Security Manager Bypass</issue>
  <issue id="1007857" tracker="bnc">VUL-0: CVE-2016-6794: tomcat: System Property Disclosure</issue>
  <issue id="1007858" tracker="bnc">VUL-1: CVE-2016-6796: tomcat: Security Manager Bypass</issue>
  <issue id="1007853" tracker="bnc">VUL-1: CVE-2016-6797: tomcat: Unrestricted Access to Global Resources</issue>
  <issue id="1011812" tracker="bnc">VUL-0: CVE-2016-6816: tomcat: HTTP Request smuggling vulnerability due to permitting invalid character in HTTP requests</issue>
  <issue id="1011805" tracker="bnc">VUL-0: CVE-2016-8735: tomcat: Remote code execution vulnerability in JmxRemoteLifecycleListener</issue>
  <issue id="1015119" tracker="bnc">VUL-0: CVE-2016-8745: tomcat: Apache Tomcat Information Disclosure</issue>
  <issue id="2016-0762" tracker="cve" />
  <issue id="2016-3092" tracker="cve" />
  <issue id="2016-5018" tracker="cve" />
  <issue id="2016-5388" tracker="cve" />
  <issue id="2016-6794" tracker="cve" />
  <issue id="2016-6796" tracker="cve" />
  <issue id="2016-6797" tracker="cve" />
  <issue id="2016-6816" tracker="cve" />
  <issue id="2016-8735" tracker="cve" />
  <issue id="2016-8745" tracker="cve" />
  <issue id="2017-5647" tracker="cve" />
  <issue id="2017-5648" tracker="cve" />
  <category>security</category>
  <rating>important</rating>
  <packager>malbu</packager>
  <description>
Tomcat was updated to version 7.0.78, fixing various bugs and security issues.

For full details see https://tomcat.apache.org/tomcat-7.0-doc/changelog.html

Security issues fixed:

- CVE-2016-0762: A realm timing attack in tomcat was fixed which could disclose existence of users (bsc#1007854)
- CVE-2016-3092: Usage of vulnerable FileUpload package could have resulted in denial of service (bsc#986359)
- CVE-2016-5018: A security manager bypass via a Tomcat utility method that was accessible to web applications was fixed. (bsc#1007855)
- CVE-2016-5388: Setting HTTP_PROXY environment variable via Proxy header (bsc#988489)
- CVE-2016-6794: A tomcat system property disclosure was fixed. (bsc#1007857)
- CVE-2016-6796: A tomcat security manager bypass via manipulation of the configuration parameters for the JSP Servlet. (bsc#1007858)
- CVE-2016-6797: A tomcat unrestricted access to global resources via ResourceLinkFactory was fixed. (bsc#1007853)
- CVE-2016-6816: A HTTP Request smuggling vulnerability due to permitting invalid character in HTTP requests was fixed. (bsc#1011812)
- CVE-2016-8735: A Remote code execution vulnerability in JmxRemoteLifecycleListener was fixed (bsc#1011805)
- CVE-2016-8745: A Tomcat Information Disclosure in the error handling of send file code for the NIO HTTP connector was fixed. (bsc#1015119)
- CVE-2017-5647: A tomcat information disclosure in pipelined request processing was fixed. (bsc#1033448)
- CVE-2017-5648: A tomcat information disclosure due to using incorrect facade objects was fixed (bsc#1033447)
  </description>
  <summary>Security update for tomcat</summary>
</patchinfo>