This update for tomcat10 fixes the following issues:
Update to Tomcat 10.1.52:

* CVE-2025-66614: client certificate verification bypass due to virtual host mapping (bsc#1258371).
* CVE-2026-24733: improper input validation on HTTP/0.9 requests (bsc#1258385).
* CVE-2026-24734: certificate revocation bypass due to incomplete OCSP verification checks (bsc#1258387).

Changelog:

* Catalina
  * Fix: 69623: Additional fix for the long standing regression that meant that calls to ClassLoader.getResource().getContent() failed when made from within a web application with resource caching enabled if the target resource was packaged in a JAR file. (markt)
  * Fix: Pull request #923: Avoid adding multiple CSRF tokens to a URL in the CsrfPreventionFilter. (schultz)
  * Fix: 69918: Ensure request parameters are correctly parsed for HTTP/2 requests when the content-length header is not set. (dsoumis)
  * Update: Enable minimum and recommended Tomcat Native...

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.6
  zypper in -t patch openSUSE-SLE-15.6-2026-890=1
* Web and Scripting Module 15-SP7
  zypper in -t patch SUSE-SLE-Module-Web-Scripting-15-SP7-2026-890=1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5
  zypper in -t patch SUSE-SLE-Product-HPC-15-SP5-ESPOS-2026-890=1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP5
  zypper in -t patch SUSE-SLE-Product-HPC-15-SP5-LTSS-2026-890=1
* SUSE Linux Enterprise Server 15 SP5 LTSS
  zypper in -t patch SUSE-SLE-Product-SLES-15-SP5-LTSS-2026-890=1
* SUSE Linux Enterprise Server 15 SP6 LTSS
  zypper in -t patch SUSE-SLE-Product-SLES-15-SP6-LTSS-2026-890=1
* SUSE Linux Enterprise Server for SAP Applications 15 SP5
  zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP5-2026-890=1
* SUSE Linux Enterprise Server for SAP Applications 15...

* openSUSE Leap 15.6 (noarch)
  * tomcat10-jsvc-10.1.52-150200.5.61.1
  * tomcat10-jsp-3_1-api-10.1.52-150200.5.61.1
  * tomcat10-docs-webapp-10.1.52-150200.5.61.1
  * tomcat10-lib-10.1.52-150200.5.61.1
  * tomcat10-admin-webapps-10.1.52-150200.5.61.1
  * tomcat10-servlet-6_0-api-10.1.52-150200.5.61.1
  * tomcat10-10.1.52-150200.5.61.1
  * tomcat10-doc-10.1.52-150200.5.61.1
  * tomcat10-webapps-10.1.52-150200.5.61.1
  * tomcat10-embed-10.1.52-150200.5.61.1
  * tomcat10-el-5_0-api-10.1.52-150200.5.61.1
* Web and Scripting Module 15-SP7 (noarch)
  * tomcat10-jsp-3_1-api-10.1.52-150200.5.61.1
  * tomcat10-lib-10.1.52-150200.5.61.1
  * tomcat10-servlet-6_0-api-10.1.52-150200.5.61.1
  * tomcat10-admin-webapps-10.1.52-150200.5.61.1
  * tomcat10-10.1.52-150200.5.61.1
  * tomcat10-webapps-10.1.52-150200.5.61.1
  * tomcat10-el-5_0-api-10.1.52-150200.5.61.1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5 (noarch)
  * tomcat10-jsp-3_1-api-10.1.52-150200.5.61.1
  * tomcat10-lib-10.1.52-150200.5.61.1
  *...

* bsc#1258371
* bsc#1258385
* bsc#1258387
## References:
* https://www.suse.com/security/cve/CVE-2025-66614.html
* https://www.suse.com/security/cve/CVE-2026-24733.html
* https://www.suse.com/security/cve/CVE-2026-24734.html
* https://bugzilla.suse.com/show_bug.cgi?id=1258371
* https://bugzilla.suse.com/show_bug.cgi?id=1258385
* https://bugzilla.suse.com/show_bug.cgi?id=1258387