When will Tomcat 7.0.90 be released in CentOS?

peaceB
Posts: 1
Joined: 2018/11/16 01:08:21

Post by peaceB » 2018/11/16 01:15:01

Apache Tomcat has several security vulnerabilities that were announced by Apache, and they are handled in Tomcat 7.0.90 for CentOS 7.
  • CVE-2018-1336 Apache Tomcat - Denial of Service [0]
  • CVE-2018-8034 Apache Tomcat - Security Constraint Bypass [1]
However, CentOS 7 only has versions up to Tomcat 7.0.76 available [2].
Does anyone know when it is planned to be released?

[0] https://mail-archives.apache.org/mod_mb ... che.org%3E
[1] https://mail-archives.apache.org/mod_mb ... che.org%3E
[2] https://pkgs.org/download/tomcat

Best,

avij
Forum Moderator
Posts: 2766
Joined: 2010/12/01 19:25:52
Location: Helsinki, Finland

Re: When will Tomcat 7.0.90 be released in CentOS?

Post by avij » 2018/11/16 01:53:50

You should read the backporting page to give you some background on how fixes are incorporated in RHEL/CentOS. In short, it is more likely that fixes to vulnerabilities and important bugs are backported to the older version, instead of rebasing to the newest bleeding edge version.

For the two CVEs:
https://access.redhat.com/security/cve/cve-2018-1336 -- fixed in tomcat-7.0.76-8.el7_5, released by CentOS about a month ago.
https://access.redhat.com/security/cve/cve-2018-8034 -- not fixed yet, but depending on your application, it may be possible that you won't hit this issue at all. A future update to tomcat may fix this issue.
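Because fixes are backported, the upstream version number (7.0.76 vs 7.0.90) does not tell you whether a CVE is fixed; the package changelog does. The script below is an added example, not part of the original thread: it reads `rpm -q --changelog` output and reports the version-release in which a CVE is first mentioned. The function names and the sample changelog text are constructed for illustration.

```bash
#!/usr/bin/env bash
# Added example: find the package release whose changelog first mentions a CVE.

# Constructed sample in the layout printed by `rpm -q --changelog <pkg>`.
# The entry text is illustrative, not the real tomcat changelog.
sample_changelog() {
cat <<'EOF'
* Tue Jul 24 2018 Example Packager <packager@example.com> - 0:7.0.76-8
- Resolves: rhbz#0000000 CVE-2018-1336 tomcat: denial of service fix

* Mon Mar 12 2018 Example Packager <packager@example.com> - 0:7.0.76-7
- Resolves: rhbz#0000001 unrelated bug fix
EOF
}

# cve_fixed_in CVE-ID
# Reads a changelog on stdin. Prints the version-release of the oldest entry
# that mentions the CVE (entries are newest-first, so the last match wins).
# Returns 1 when the CVE is not mentioned at all.
cve_fixed_in() {
  awk -v cve="$1" '
    BEGIN { pat = "(^|[^0-9A-Za-z-])" cve "([^0-9]|$)" }  # avoid matching CVE-2018-13360
    /^\* / { ver = $NF; sub(/^[0-9]+:/, "", ver); next }  # header ends in [epoch:]version-release
    $0 ~ pat { found = ver }
    END { if (found == "") exit 1; print found }
  '
}

# check_pkg PKG CVE-ID...
# Queries the installed package on a real RHEL/CentOS host.
check_pkg() {
  local pkg=$1 cve rel; shift
  for cve in "$@"; do
    if rel=$(rpm -q --changelog "$pkg" | cve_fixed_in "$cve"); then
      echo "$cve: first mentioned in $pkg changelog at $rel"
    else
      echo "$cve: no changelog mention in installed $pkg"
    fi
  done
}

# Example: ./cvecheck.sh tomcat CVE-2018-1336 CVE-2018-8034
if [ "$#" -gt 0 ]; then check_pkg "$@"; fi
```

A missing changelog mention only means the installed build does not claim the fix; the Red Hat CVE pages linked above remain the authoritative status.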
