Advisories » MGASA-2018-0150

Updated tomcat-native package fixes security vulnerability

Publication date: 28 Feb 2018
Type: security
Affected Mageia releases: 6
CVE: CVE-2017-15698


When parsing the AIA-Extension field of a client certificate, Apache
Tomcat Native did not correctly handle fields longer than 127 bytes. The
result of the parsing error was to skip the OCSP check. It was therefore
possible for client certificates that should have been rejected (if the
OCSP check had been made) to be accepted. Users not using OCSP checks
are not affected by this vulnerability (CVE-2017-15698).
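
The 127-byte boundary is where DER switches from short-form to long-form length octets. The following added example (not Tomcat Native's code, and not from this advisory) shows a length decoder that handles both forms and reports failure so the caller can reject the certificate rather than skip the check. It assumes the mishandling was in length decoding of the URI element; the function names `der_read_length` and `der_read_uri` are hypothetical.

```c
#include <stdint.h>
#include <string.h>   /* memset, size_t */

/* Decode a DER length at buf[0]. Returns the number of length octets used
 * and stores the content length in *out; returns 0 on malformed input. */
size_t der_read_length(const uint8_t *buf, size_t avail, size_t *out)
{
    if (avail == 0)
        return 0;
    if ((buf[0] & 0x80) == 0) {         /* short form: lengths 0..127 */
        *out = buf[0];
        return 1;
    }
    size_t n = buf[0] & 0x7F;           /* long form: n length octets follow */
    if (n == 0 || n > sizeof(size_t) || n >= avail || buf[1] == 0)
        return 0;                       /* indefinite, huge, truncated, padded */
    size_t len = 0;
    for (size_t i = 1; i <= n; i++)
        len = (len << 8) | buf[i];
    if (len < 128)
        return 0;                       /* DER requires the short form here */
    *out = len;
    return 1 + n;
}

/* Locate the URI inside one GeneralName element (tag 0x86, [6] IA5String).
 * Returns 1 on success; 0 means the caller must fail closed. */
int der_read_uri(const uint8_t *elem, size_t avail,
                 const uint8_t **uri, size_t *uri_len)
{
    size_t len, hdr;
    if (avail < 2 || elem[0] != 0x86)
        return 0;
    hdr = der_read_length(elem + 1, avail - 1, &len);
    if (hdr == 0 || len > avail - 1 - hdr)
        return 0;
    *uri = elem + 1 + hdr;
    *uri_len = len;
    return 1;
}

int main(void)
{
    /* Constructed sample: 200-byte URI, so the length is long form (0x81 0xC8). */
    uint8_t elem[3 + 200] = {0x86, 0x81, 200};
    const uint8_t *uri; size_t uri_len;
    memset(elem + 3, 'a', 200);
    return der_read_uri(elem, sizeof elem, &uri, &uri_len) ? 0 : 1;
}
```

A zero return from `der_read_uri` should be treated as a failed revocation check, not as "no OCSP responder listed".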