openSUSE: 2025:0058-1 important: tomcat DoS and RCE fixes
opensuse
January 10, 2025
An update that solves three vulnerabilities can now be installed.
Description
This update for tomcat fixes the following issues:
Update to Tomcat 9.0.98
* Fixed CVEs:
* CVE-2024-54677: DoS in examples web application (bsc#1234664)
* CVE-2024-50379: RCE due to TOCTOU issue in JSP compilation (bsc#1234663)
* CVE-2024-52317: Request/response mix-up with HTTP/2 (bsc#1233435)
* Catalina
* Add: Add option to serve resources from subpath only with WebDAV Servlet
like with DefaultServlet. (michaelo)
* Fix: Add special handling for the protocols attribute of SSLHostConfig in
storeconfig. (remm)
* Fix: 69442: Fix case sensitive check on content-type when parsing request
parameters. (remm)
* Code: Refactor duplicate code for extracting media type and subtype from
content-type into a single method. (markt)
* Fix: Compatibility of generated embedded code with components where
constructors or property related methods throw a checked exception. (remm)
* Fix: The previous fix for inconsistent resource metadata during concurrent
...
Read the Full Advisory
Patch
## Patch Instructions:
To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
* openSUSE Leap 15.6
zypper in -t patch openSUSE-SLE-15.6-2025-58=1
* Web and Scripting Module 15-SP6
zypper in -t patch SUSE-SLE-Module-Web-Scripting-15-SP6-2025-58=1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP3
zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-LTSS-2025-58=1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4
zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-ESPOS-2025-58=1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4
zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-LTSS-2025-58=1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5
zypper in -t patch SUSE-SLE-Product-HPC-15-SP5-ESPOS-2025-58=1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP5
zypper in -t patch SUSE-SLE-Product-HPC-15-SP5-LTSS-2025-58=1
* SUSE Linux...
Read the Full AdvisoryPackage List
* openSUSE Leap 15.6 (noarch)
* tomcat-jsp-2_3-api-9.0.98-150200.74.1
* tomcat-docs-webapp-9.0.98-150200.74.1
* tomcat-admin-webapps-9.0.98-150200.74.1
* tomcat-embed-9.0.98-150200.74.1
* tomcat-lib-9.0.98-150200.74.1
* tomcat-servlet-4_0-api-9.0.98-150200.74.1
* tomcat-9.0.98-150200.74.1
* tomcat-webapps-9.0.98-150200.74.1
* tomcat-el-3_0-api-9.0.98-150200.74.1
* tomcat-jsvc-9.0.98-150200.74.1
* tomcat-javadoc-9.0.98-150200.74.1
* Web and Scripting Module 15-SP6 (noarch)
* tomcat-jsp-2_3-api-9.0.98-150200.74.1
* tomcat-servlet-4_0-api-9.0.98-150200.74.1
* tomcat-admin-webapps-9.0.98-150200.74.1
* tomcat-lib-9.0.98-150200.74.1
* tomcat-9.0.98-150200.74.1
* tomcat-webapps-9.0.98-150200.74.1
* tomcat-el-3_0-api-9.0.98-150200.74.1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (noarch)
* tomcat-jsp-2_3-api-9.0.98-150200.74.1
* tomcat-servlet-4_0-api-9.0.98-150200.74.1
* tomcat-admin-webapps-9.0.98-150200.74.1
* tomcat-lib-9.0.98-150200.74.1
* tomcat-9.0.98-150200.74.1
*...
Read the Full AdvisoryReferences
* bsc#1233435
* bsc#1234663
* bsc#1234664
## References:
* https://www.suse.com/security/cve/CVE-2024-50379.html
* https://www.suse.com/security/cve/CVE-2024-52317.html
* https://www.suse.com/security/cve/CVE-2024-54677.html
* https://bugzilla.suse.com/show_bug.cgi?id=1233435
* https://bugzilla.suse.com/show_bug.cgi?id=1234663
* https://bugzilla.suse.com/show_bug.cgi?id=1234664
PREVIOUS
NEXT
Severity
important
Lowest
Low
Medium
High
Critical
Announcement ID: SUSE-SU-2025:0058-1
Release Date: 2025-01-10T07:35:34Z
Affected Products:
* openSUSE Leap 15.6
* SUSE Enterprise Storage 7.1
* SUSE Linux Enterprise High Performance Computing 15 SP3
* SUSE Linux Enterprise High Performance Computing 15 SP4
* SUSE Linux Enterprise High Performance Computing 15 SP5
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP3
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP5
* SUSE Linux Enterprise Server 15 SP3
* SUSE Linux Enterprise Server 15 SP3 LTSS
* SUSE Linux Enterprise Server 15 SP4
* SUSE Linux Enterprise Server 15 SP4 LTSS
* SUSE Linux Enterprise Server 15 SP5
* SUSE Linux Enterprise Server 15 SP5 LTSS
* SUSE Linux Enterprise Server 15 SP6
* SUSE Linux Enterprise Server for SAP Applications 15 SP3
* SUSE Linux Enterprise Server for SAP Applications 15 SP4
* SUSE Linux Enterprise Server for SAP Applications 15 SP5
* SUSE Linux Enterprise Server for SAP Applications 15 SP6
* SUSE Manager Server 4.3
* Web and Scripting Module 15-SP6
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!