Bug 1607591 (CVE-2018-1336)
Summary: | CVE-2018-1336 tomcat: A bug in the UTF-8 decoder can lead to DoS | ||
---|---|---|---|
Product: | [Other] Security Response | Reporter: | Pedro Sampaio <psampaio> |
Component: | vulnerability | Assignee: | Red Hat Product Security <security-response-team> |
Status: | CLOSED ERRATA | QA Contact: | |
Severity: | high | Docs Contact: | |
Priority: | high | ||
Version: | unspecified | CC: | aileenc, alazarot, alee, anstephe, aogburn, avibelli, bgeorges, bmaxwell, cdewolf, chazlett, chris.snell, coolsvap, csutherl, darran.lofthouse, dchong, dimitris, dosoudil, drieden, etirelli, fgavrilo, gvarsami, gzaronik, hhorak, ibek, igreen, ikanello, ivan.afonichev, java-sig-commits, jawilson, jbalunas, jclere, jcoleman, jdoyle, jolee, jondruse, jorton, jpallich, jschatte, jshepherd, jstastny, kconner, krathod, krzysztof.daniel, kverlaen, ldimaggi, lgao, loleary, lpetrovi, lthon, mbabacek, mhatanak, mizdebsk, mszynkie, myarboro, nwallace, paradhya, pgallagh, pgier, pjurak, ppalaga, psakar, pslavice, rmaucher, rnetuka, rrajasek, rruss, rstancel, rsvoboda, rsynek, rwagner, rzhang, sdaley, spinder, sstavrev, tcunning, theute, tkirby, trogers, twalsh, vhalbert, vtunka, weli, yozone, zmiele |
Target Milestone: | --- | Keywords: | Security |
Target Release: | --- | ||
Hardware: | All | ||
OS: | Linux | ||
Whiteboard: | |||
Fixed In Version: | tomcat 8.0.52, tomcat 8.5.31, tomcat 9.0.8, tomcat 7.0.88 | Doc Type: | If docs needed, set a value |
Doc Text: | Story Points: | --- | |
Clone Of: | Environment: | ||
Last Closed: | 2019-06-10 10:33:59 UTC | Type: | --- |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: | |||
Bug Depends On: | 1608607, 1608608, 1608655, 1608656, 1614559, 1614560, 1624929, 1624931 | ||
Bug Blocks: | 1607593 |
Description
Pedro Sampaio
2018-07-23 19:29:47 UTC
Statement: Fuse 6.3 and 7 standalone distributions ship but do not use tomcat, and as such are not affected by this flaw; however, Fuse Integration Services 2.0 and Fuse 7 on OpenShift provide the affected artifacts via their respective maven repositories, and will provide fixes for this issue in a future release. Created tomcat tracking bugs for this issue: Affects: epel-all [bug 1624931] Affects: fedora-all [bug 1624929] This issue has been addressed in the following products: Red Hat JBoss Web Server Via RHSA-2018:2700 https://access.redhat.com/errata/RHSA-2018:2700 This issue has been addressed in the following products: Red Hat JBoss Web Server 3 for RHEL 7 Red Hat JBoss Web Server 3 for RHEL 6 Via RHSA-2018:2701 https://access.redhat.com/errata/RHSA-2018:2701 This issue has been addressed in the following products: Red Hat JBoss Enterprise Application Platform Via RHSA-2018:2740 https://access.redhat.com/errata/RHSA-2018:2740 This issue has been addressed in the following products: Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 7 Via RHSA-2018:2741 https://access.redhat.com/errata/RHSA-2018:2741 This issue has been addressed in the following products: Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 5 Via RHSA-2018:2742 https://access.redhat.com/errata/RHSA-2018:2742 This issue has been addressed in the following products: Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6 Via RHSA-2018:2743 https://access.redhat.com/errata/RHSA-2018:2743 This issue has been addressed in the following products: Red Hat Enterprise Linux 7 Via RHSA-2018:2921 https://access.redhat.com/errata/RHSA-2018:2921 This issue has been addressed in the following products: Red Hat JBoss Operations Network Via RHSA-2018:2930 https://access.redhat.com/errata/RHSA-2018:2930 This issue has been addressed in the following products: Red Hat Fuse Intergration Services 2.0 based on Fuse 6.3 R8 Via RHSA-2018:2939 https://access.redhat.com/errata/RHSA-2018:2939 This issue has been addressed in the following products: Red Hat Openshift Application Runtimes (text-only advisories) Via RHSA-2018:2945 https://access.redhat.com/errata/RHSA-2018:2945 Oops https://bugzilla.redhat.com/show_bug.cgi?id=1608656 it was fixed in 6.4.21 This issue has been addressed in the following products: Red Hat Fuse 7.2 Via RHSA-2018:3768 https://access.redhat.com/errata/RHSA-2018:3768 |