Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 573
Alerts This Week
Warning Icon 1 573

openSUSE Leap 16.0 Tomcat Critical DoS Risk openSUSE-SU-2026-20446-3

opensuse
Calendar Grey April 2, 2026
Dist Opensuse Esm H88
An important update for openSUSE addresses 6 issues in Tomcat with a focus on security and stability improvements.
An update that solves 6 vulnerabilities and has 7 bug fixes can now be installed.

Description

This update for tomcat10 fixes the following issues:

Update to Tomcat 10.1.52:

- CVE-2025-55752: directory traversal via rewrite with possible RCE if PUT is enabled (bsc#1252753).

- CVE-2025-55754: Improper Neutralization of Escape, Meta, or Control Sequences vulnerability in Apache Tomcat

(bsc#1252905).

- CVE-2025-61795: temporary copies during the processing of multipart upload can lead to a denial of service

(bsc#1252756).

- CVE-2025-66614: client certificate verification bypass due to virtual host mapping (bsc#1258371).

- CVE-2026-24733: improper input validation on HTTP/0.9 requests (bsc#1258385).

- CVE-2026-24734: certificate revocation bypass due to incomplete OCSP verification checks (bsc#1258387).

Changelog:

+ Fix: 69623: Additional fix for the long standing regression that meant

that calls to ClassLoader.getResource().getContent() failed when made from

within a web application with resource caching enabled if the target

resource was packaged in a JAR file....

Read the Full Advisory

Patch

Package List

- openSUSE Leap 16.0:

tomcat10-10.1.52-160000.1.1

tomcat10-admin-webapps-10.1.52-160000.1.1

tomcat10-doc-10.1.52-160000.1.1

tomcat10-docs-webapp-10.1.52-160000.1.1

tomcat10-el-5_0-api-10.1.52-160000.1.1

tomcat10-embed-10.1.52-160000.1.1

tomcat10-jsp-3_1-api-10.1.52-160000.1.1

tomcat10-jsvc-10.1.52-160000.1.1

tomcat10-lib-10.1.52-160000.1.1

tomcat10-servlet-6_0-api-10.1.52-160000.1.1

tomcat10-webapps-10.1.52-160000.1.1

References

* bsc#1252753

* bsc#1252756

* bsc#1252905

* bsc#1253460

* bsc#1258371

* bsc#1258385

* bsc#1258387

References:

* https://www.suse.com/security/cve/CVE-2025-55752.html

* https://www.suse.com/security/cve/CVE-2025-55754.html

* https://www.suse.com/security/cve/CVE-2025-61795.html

* https://www.suse.com/security/cve/CVE-2025-66614.html

* https://www.suse.com/security/cve/CVE-2026-24733.html

* https://www.suse.com/security/cve/CVE-2026-24734.html

Severity
important
Lowest
Low
Medium
High
Critical

Announcement ID: openSUSE-SU-2026:20444-1
Rating: important
Affected Products: openSUSE Leap 16.0 -------------------------------------------------------------

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.