Security Advisory Moderate: tomcat security update

Advisory: RHSA-2017:0935-1
Type: Security Advisory
Severity: Moderate
Issued on: 2017-04-12
Last updated on: 2017-04-12
Affected Products: Red Hat Enterprise Linux Desktop (v. 7)
Red Hat Enterprise Linux HPC Node (v. 7)
Red Hat Enterprise Linux Server (v. 7)
Red Hat Enterprise Linux Server TUS (v. 7.3)
Red Hat Enterprise Linux Workstation (v. 7)
CVEs (cve.mitre.org): CVE-2016-6816
CVE-2016-8745

Details

An update for tomcat is now available for Red Hat Enterprise Linux 7.

Red Hat Product Security has rated this update as having a security impact of
Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a
detailed severity rating, is available for each vulnerability from the CVE
link(s) in the References section.

Apache Tomcat is a servlet container for the Java Servlet and JavaServer Pages
(JSP) technologies.

Security Fix(es):

* It was discovered that the code that parsed the HTTP request line permitted
invalid characters. This could be exploited, in conjunction with a proxy that
also permitted the invalid characters but with a different interpretation, to
inject data into the HTTP response. By manipulating the HTTP response, the
attacker could poison a web-cache, perform an XSS attack, or obtain sensitive
information from requests other than their own. (CVE-2016-6816)

Note: This fix causes Tomcat to respond with an HTTP 400 Bad Request error when
a request contains characters that the HTTP specification does not permit to
appear unencoded, even though they were previously accepted. The newly
introduced system property tomcat.util.http.parser.HttpParser.requestTargetAllow
can be used to configure Tomcat to accept curly braces ({ and }) and the pipe
symbol (|) in unencoded form, as these are often used in URLs without being
properly encoded.

* A bug was discovered in the error handling of the send file code for the NIO
HTTP connector. This led to the current Processor object being added to the
Processor cache multiple times, allowing information leakage between requests
including, but not limited to, session ID and the response body. (CVE-2016-8745)
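
The note on CVE-2016-6816 means some requests that Tomcat used to accept will start failing with 400 after the update. The following is an added example, not part of the advisory or of Tomcat: it scans access-log request lines before patching, separates targets that the requestTargetAllow property can keep working from those whose clients must percent-encode, and builds the matching JVM option. The character set (RFC 3986 unreserved and reserved characters plus '%'), the log layout and the sample entries are assumptions of this example.

```python
import re
import string

# Assumption of this example: "permitted by the HTTP specification" is
# approximated by RFC 3986 unreserved + reserved characters plus '%'.
PERMITTED = set(string.ascii_letters + string.digits + "-._~:/?#[]@!$&'()*+,;=%")
# Characters the advisory says the system property can re-enable.
CONFIGURABLE = set("{}|")
PROPERTY = "tomcat.util.http.parser.HttpParser.requestTargetAllow"
# Request line of an access-log entry: "METHOD target HTTP/x.y" status
REQUEST_RE = re.compile(r'"[A-Z]+ (.+) HTTP/\d\.\d" \d{3}\b')

# Constructed sample entries (documentation addresses, invented paths).
SAMPLE_LOG = [
    '192.0.2.10 - - [12/Apr/2017:10:00:01 +0000] "GET /shop/list?page=2 HTTP/1.1" 200 512',
    '192.0.2.11 - - [12/Apr/2017:10:00:02 +0000] "GET /api/items?tags=red|blue HTTP/1.1" 200 204',
    '192.0.2.12 - - [12/Apr/2017:10:00:03 +0000] "GET /tpl/{id}/view HTTP/1.1" 200 98',
    '192.0.2.13 - - [12/Apr/2017:10:00:04 +0000] "GET /search?q=a^b HTTP/1.1" 200 77',
    '192.0.2.14 - - [12/Apr/2017:10:00:05 +0000] "GET /mix?x={1}&y=<b> HTTP/1.1" 200 12',
]

def audit(log_lines):
    """Sort previously accepted request targets by what the update does to them."""
    via_property, must_encode, allow = [], [], set()
    for line in log_lines:
        match = REQUEST_RE.search(line)
        if not match:
            continue  # not an access-log entry in the assumed layout
        target = match.group(1)
        bad = {c for c in target if c not in PERMITTED}
        if not bad:
            continue  # still accepted after the update
        if bad <= CONFIGURABLE:
            via_property.append(target)
            allow |= bad
        else:
            # Contains characters the property is not described as covering.
            must_encode.append(target)
    option = "-D%s=%s" % (PROPERTY, "".join(sorted(allow))) if allow else None
    return {"via_property": via_property, "must_encode": must_encode,
            "jvm_option": option}

if __name__ == "__main__":
    report = audit(SAMPLE_LOG)
    print("Kept working by the property:", report["via_property"])
    print("Clients must percent-encode: ", report["must_encode"])
    print("JVM option (quote it in a shell):", report["jvm_option"])
```

Allowing only the characters that actually appear in logged traffic keeps the relaxation as narrow as possible; fixing the clients to percent-encode removes the need for it.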


Solution

For details on how to apply this update, which includes the changes described in
this advisory, refer to:

https://access.redhat.com/articles/11258

Updated packages

Red Hat Enterprise Linux Desktop (v. 7)

SRPMS:
tomcat-7.0.69-11.el7_3.src.rpm     MD5: 62660b71e56c56f79ddb7ed0902448fe
SHA-256: f8b0edfcac0fae64c3062de4a4caf9f1ec3059c6f55ed5da4c61867170d5937d
 
x86_64:
tomcat-7.0.69-11.el7_3.noarch.rpm     MD5: 5ede9734cc080ac3aa5472f83ce00c3b
SHA-256: 21e75d727d590a4450cb43e8940b7c9ea183640e679ff97179e77fb2a09ea822
tomcat-admin-webapps-7.0.69-11.el7_3.noarch.rpm     MD5: 9e2a6736ced9a7e75fc08ace6729c35d
SHA-256: b58e8b01bd1e898a4cb1408ab58c850138e53b65f3e32dbebc2583b78eb1bc29
tomcat-docs-webapp-7.0.69-11.el7_3.noarch.rpm     MD5: 358bd536b29866bae1a400a70331a01f
SHA-256: 56f7c7c85bb67f007f221afeb50d03e8ad8d25b9c6390b5df6df6bd1d945581d
tomcat-el-2.2-api-7.0.69-11.el7_3.noarch.rpm     MD5: 9ff36205532b520555641b0762b9465c
SHA-256: ad2b118afd1fa01fa76627c2867c13ed1d2be10cfe738818e07f8b20b76ee235
tomcat-javadoc-7.0.69-11.el7_3.noarch.rpm     MD5: 9459588d83e76ead900b8321f7d5385d
SHA-256: 0788e2a84fc27ce1e2270796dbafe03ca1a42e834c48d22716bfee0ef88c477d
tomcat-jsp-2.2-api-7.0.69-11.el7_3.noarch.rpm     MD5: 04e2c65b32d51ca2363ba49e10ad303a
SHA-256: efa9aab33ffba4018b2b91fd1a1f91b887a1e093e9d5d120f674577c6a4ec503
tomcat-jsvc-7.0.69-11.el7_3.noarch.rpm     MD5: 634f1309602eb4661b725bddd9363b34
SHA-256: 701f8b32e42bffb32e8b29582698ec8f5d9d0f0519e0497fe5f90cfd984ddcd9
tomcat-lib-7.0.69-11.el7_3.noarch.rpm     MD5: 83745f47d81bcea57584371214dde2a0
SHA-256: 65f92065214f2f70d8d3938a64b15f183e7217097d65a4ba36a2f433bab361a9
tomcat-servlet-3.0-api-7.0.69-11.el7_3.noarch.rpm     MD5: c1199cfa20db7383645df7d385641966
SHA-256: a4872cb76fa3e4cac99612602b59093c063a4d288fc1297c14c6bbe29fa4ab4e
tomcat-webapps-7.0.69-11.el7_3.noarch.rpm     MD5: 88b187b904042476a98411fb5776b2c3
SHA-256: 7bf60450bc0623b8756bca0c50bc69a5e68a7644b28256ef23eaef90dfd565fe
 
(The unlinked packages above are only available from the Red Hat Network)

Bugs fixed (see bugzilla for more information)

1397484 - CVE-2016-6816 tomcat: HTTP Request smuggling vulnerability due to permitting invalid character in HTTP requests
1403824 - CVE-2016-8745 tomcat: information disclosure due to incorrect Processor sharing


References



These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from:
https://www.redhat.com/security/team/key/#package

The Red Hat security contact is secalert@redhat.com. More contact details at http://www.redhat.com/security/team/contact/