Tomcat CVE-2014-7810

Support for security such as Firewalls and securing linux
Post Reply
djvanenckevort
Posts: 1
Joined: 2015/06/19 15:17:36

Tomcat CVE-2014-7810

Post by djvanenckevort » 2015/06/19 15:42:11

Red Hat and CentOS usually do back ports to solve vulnerabilities in tomcat. I noticed that http://cve.mitre.org/cgi-bin/cvename.cg ... -2014-7810 has not been listed as back ported to the CentOS tomcat 7 package.

Code: Select all

$ rpm -q --changelog $(rpm -qa | fgrep tomcat) | fgrep CVE | sort -u
- Related: CVE-2013-4286
- Related: CVE-2013-4286. increment build number. missed doing
- Related: CVE-2013-4322
- Related: CVE-2014-0050
- Resolves: CVE-2013-4286
- Resolves: CVE-2013-4322
- Resolves: CVE-2014-0050
- Resolves: CVE-2014-0075
- Resolves: CVE-2014-0096
- Resolves: CVE-2014-0099
- Resovles: CVE-2014-0227
The RHSA related http://www.redhat.com/archives/rhsa-ann ... 00009.html to the package lists CVE-2014-0227 as a single issue being fixed.

Is a back port of CVE-2014-7810 under evaluation?

User avatar
TrevorH
Site Admin
Posts: 33202
Joined: 2009/09/24 10:40:56
Location: Brighton, UK

Re: Tomcat CVE-2014-7810

Post by TrevorH » 2015/06/19 18:50:09

Start with https://access.redhat.com/security/cve/CVE-2014-7810 and click the link to the bugzilla entry near the top. It has all the status in that that anyone outside of Redhat knows :-(
The future appears to be RHEL or Debian. I think I'm going Debian.
Info for USB installs on http://wiki.centos.org/HowTos/InstallFromUSBkey
CentOS 5 and 6 are deadest, do not use them.
Use the FAQ Luke

Post Reply