SUSE-SU-2018:0817-1

Description of the patch:

This update for tomcat fixes the following issues:

Security issues fixed:

• CVE-2018-1305: Fixed late application of security constraints that can lead to resource exposure for unauthorised users (bsc#1082481).
• CVE-2018-1304: Fixed incorrect handling of empty string URL in security constraints that can lead to unitended exposure of resources (bsc#1082480).
• CVE-2017-15706: Fixed incorrect documentation of CGI Servlet search algorithm that may lead to misconfiguration (bsc#1078677).