tomcat-8.0.37-3.fc23

This updates includes a rebase from tomcat 8.0.36 up to 8.0.37 which resolves one CVE:

* rhbz#1375581 – CVE-2016-5388 Tomcat: CGI sets environmental variable based on user supplied Proxy request header

and includes two additional CVE fixes along with one bug fix:

* rhbz#1383210 CVE-2016-5425 tomcat: Local privilege escalation via systemd-tmpfiles service
* rhbz#1383216 – CVE-2016-6325 tomcat: tomcat writable config files allow privilege escalation
* rhbz#1370262 – catalina.out is no longer in use in the main package, but still gets rotated

Leave a Reply