Updated tomcat packages fix security vulnerability
Publication date: 10 Jan 2021Modification date: 10 Jan 2021
Type: security
Affected Mageia releases : 7
CVE: CVE-2020-17527
Description
While investigating Apache issue 64830 it was discovered that Apache Tomcat could re-use an HTTP request header value from the previous stream received on an HTTP/2 connection for the request associated with the subsequent stream. While this would most likely lead to an error and the closure of the HTTP/2 connection, it is possible that information could leak between requests (CVE-2020-17527). The tomcat package has been updated to version 9.0.39, and patched to fix this issue.
References
SRPMS
7/core
- tomcat-9.0.39-1.mga7