22644 – tomcat new security issues CVE-2018-1304 and CVE-2018-1305

Bug 22644 - tomcat new security issues CVE-2018-1304 and CVE-2018-1305

Summary: tomcat new security issues CVE-2018-1304 and CVE-2018-1305

Status:	RESOLVED FIXED

Alias:	None

Product:	Mageia
Classification:	Unclassified
Component:	Security (show other bugs)
Version:	6
Hardware:	All Linux

Priority:	Normal Severity: critical
Target Milestone:	---
Assignee:	Java Stack Maintainers
QA Contact:	Sec team

URL:
Whiteboard:
Keywords:

Depends on:	22503
Blocks:
	Show dependency tree / graph

Reported:	2018-02-24 16:34 CET by David Walser
Modified:	2018-03-01 04:41 CET (History)
CC List:	1 user (show)

See Also:
Source RPM:	tomcat-8.0.49-1.mga6.src.rpm
CVE:
Status comment:	Fixed upstream in 8.0.50

Attachments
Add an attachment (proposed patch, testcase, etc.)

Description David Walser 2018-02-24 16:34:36 CET

Two security issues fixed upstream in Tomcat have been announced on February 23:
http://openwall.com/lists/oss-security/2018/02/23/2
http://openwall.com/lists/oss-security/2018/02/23/1

The issues are fixed upstream in 8.0.50 and 7.0.85.

Mageia 5 and Mageia 6 are also affected (but we don't need to update 5).

David Walser 2018-02-24 16:34:49 CET

Whiteboard: (none) => MGA6TOO
CC: (none) => geiger.david68210

David Walser 2018-02-25 00:00:42 CET

Status comment: (none) => Fixed upstream in 8.0.50

Comment 1 David GEIGER 2018-02-25 00:50:55 CET

Done!

Comment 2 David Walser 2018-02-25 00:56:26 CET

Thanks!  Update in Bug 22503.

Depends on: (none) => 22503
Whiteboard: MGA6TOO => (none)
Version: Cauldron => 6

Comment 3 David Walser 2018-03-01 04:41:23 CET

Fixed in:
https://advisories.mageia.org/MGASA-2018-0149.html

Resolution: (none) => FIXED
Status: NEW => RESOLVED

Note You need to log in before you can comment on or make changes to this bug.