Advisories » MGASA-2017-0050

Updated tomcat packages fix security vulnerability

Publication date: 18 Feb 2017
Modification date: 18 Feb 2017
Type: security
Affected Mageia releases : 5
CVE: CVE-2016-8745

Description

It was discovered that incorrect error handling in the NIO HTTP
connector of the Tomcat servlet and JSP engine could result in
information disclosure (CVE-2016-8745).
                

References

• https://bugs.mageia.org/show_bug.cgi?id=20081
• https://www.debian.org/security/2017/dsa-3754
• http://tomcat.apache.org/security-7.html#Fixed_in_Apache_Tomcat_7.0.75
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8745

SRPMS

5/core

• tomcat-7.0.75-1.mga5