Oracle Linux 6264 Published by

Updated tomcat packages has been released for Oracle Linux:

ELSA-2017-3080 Important: Oracle Linux 6 tomcat6 security update
ELSA-2017-3081 Important: Oracle Linux 7 tomcat security update



ELSA-2017-3080 Important: Oracle Linux 6 tomcat6 security update

Oracle Linux Security Advisory ELSA-2017-3080

http://linux.oracle.com/errata/ELSA-2017-3080.html

The following updated rpms for Oracle Linux 6 have been uploaded to the
Unbreakable Linux Network:

i386:
tomcat6-6.0.24-111.el6_9.noarch.rpm
tomcat6-admin-webapps-6.0.24-111.el6_9.noarch.rpm
tomcat6-docs-webapp-6.0.24-111.el6_9.noarch.rpm
tomcat6-el-2.1-api-6.0.24-111.el6_9.noarch.rpm
tomcat6-javadoc-6.0.24-111.el6_9.noarch.rpm
tomcat6-jsp-2.1-api-6.0.24-111.el6_9.noarch.rpm
tomcat6-lib-6.0.24-111.el6_9.noarch.rpm
tomcat6-servlet-2.5-api-6.0.24-111.el6_9.noarch.rpm
tomcat6-webapps-6.0.24-111.el6_9.noarch.rpm

x86_64:
tomcat6-6.0.24-111.el6_9.noarch.rpm
tomcat6-admin-webapps-6.0.24-111.el6_9.noarch.rpm
tomcat6-docs-webapp-6.0.24-111.el6_9.noarch.rpm
tomcat6-el-2.1-api-6.0.24-111.el6_9.noarch.rpm
tomcat6-javadoc-6.0.24-111.el6_9.noarch.rpm
tomcat6-jsp-2.1-api-6.0.24-111.el6_9.noarch.rpm
tomcat6-lib-6.0.24-111.el6_9.noarch.rpm
tomcat6-servlet-2.5-api-6.0.24-111.el6_9.noarch.rpm
tomcat6-webapps-6.0.24-111.el6_9.noarch.rpm


SRPMS:
http://oss.oracle.com/ol6/SRPMS-updates/tomcat6-6.0.24-111.el6_9.src.rpm



Description of changes:

[0:6.0.24-111]
- Resolves: rhbz#1498345 CVE-2017-12615 CVE-2017-12617 tomcat6: various
flaws

[0:6.0.24-110]
- Resolves: rhbz#1461292 CVE-2017-5664 tomcat6: tomcat: Security
constrained bypass in error page mechanism

[0:6.0.24-109]
- Resolves: rhbz#1461851 The tomcat6 build is incompatible with the ECJ
update

[0:6.0.24-106]
- Resolves: rhbz#1441478 CVE-2017-5647 tomcat6: tomcat: Incorrect
handling of pipelined requests when send file was used


ELSA-2017-3081 Important: Oracle Linux 7 tomcat security update

Oracle Linux Security Advisory ELSA-2017-3081

http://linux.oracle.com/errata/ELSA-2017-3081.html

The following updated rpms for Oracle Linux 7 have been uploaded to the
Unbreakable Linux Network:

x86_64:
tomcat-7.0.76-3.el7_4.noarch.rpm
tomcat-admin-webapps-7.0.76-3.el7_4.noarch.rpm
tomcat-docs-webapp-7.0.76-3.el7_4.noarch.rpm
tomcat-el-2.2-api-7.0.76-3.el7_4.noarch.rpm
tomcat-javadoc-7.0.76-3.el7_4.noarch.rpm
tomcat-jsp-2.2-api-7.0.76-3.el7_4.noarch.rpm
tomcat-jsvc-7.0.76-3.el7_4.noarch.rpm
tomcat-lib-7.0.76-3.el7_4.noarch.rpm
tomcat-servlet-3.0-api-7.0.76-3.el7_4.noarch.rpm
tomcat-webapps-7.0.76-3.el7_4.noarch.rpm


SRPMS:
http://oss.oracle.com/ol7/SRPMS-updates/tomcat-7.0.76-3.el7_4.src.rpm



Description of changes:

[0:7.0.76-3]
- Resolves: rhbz#1498344 CVE-2017-12615 CVE-2017-12617 tomcat: various flaws
- Resolves: rhbz#1495654 CVE-2017-7674 tomcat: Vary header not added by
CORS filter leading to cache poisoning
- Resolves: rhbz#1470596 CVE-2017-5647 Add follow up revision