Support for security such as Firewalls and securing linux
- Retired Moderator
- Posts: 3039
- Joined: 2010/12/01 19:25:52
- Location: Helsinki, Finland
You should read the backporting page
to give you some background on how fixes are incorporated in RHEL/CentOS. In short, it is more likely that fixes to vulnerabilities and important bugs are backported to the older version, instead of rebasing to the newest bleeding edge version.
For the two CVEs:
-- fixed in tomcat-7.0.76-8.el7_5, released by CentOS about a month ago.
-- not fixed yet, but depending on your application, it may be possible that you won't hit this issue at all. A future update to tomcat may fix this issue.