You are viewing a plain text version of this content. The canonical link for it is here.

Posted to commits@guacamole.apache.org by "Sven Gottwald (JIRA)" <ji...@apache.org> on 2017/10/10 05:07:00 UTC

[jira] [Created] (GUACAMOLE-410) Update Apache Tomcat due to security isses

Sven Gottwald created GUACAMOLE-410:
---------------------------------------

             Summary: Update Apache Tomcat due to security isses
                 Key: GUACAMOLE-410
                 URL: https://issues.apache.org/jira/browse/GUACAMOLE-410
             Project: Guacamole
          Issue Type: Improvement
          Components: guacamole-docker
    Affects Versions: 0.9.13-incubating
         Environment: Official guacamole docker image https://hub.docker.com/r/guacamole/guacamole/
            Reporter: Sven Gottwald
            Priority: Critical


The official guacamole docker image uses tomcat 8.0.20-jre8. This tomcat Version is outdated and contains several security issues (see [Apache Tomcat 8.x vulnerabilities|http://tomcat.apache.org/security-8.html]). The last issue was [CVE-2017-12617|http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12617] which allows remote code execution.

Tomcat should be updated to version 8.0.47 ASAP.



--
This message was sent by Atlassian JIRA
(v6.4.14#64029)