Explore top 10 tips to secure your open-source projects now. Read More
×
This update for tomcat10 fixes the following issues:
Update to Tomcat 10.1.52:
- CVE-2025-55752: directory traversal via rewrite with possible RCE if PUT is enabled (bsc#1252753).
- CVE-2025-55754: Improper Neutralization of Escape, Meta, or Control Sequences vulnerability in Apache Tomcat
(bsc#1252905).
- CVE-2025-61795: temporary copies during the processing of multipart upload can lead to a denial of service
(bsc#1252756).
- CVE-2025-66614: client certificate verification bypass due to virtual host mapping (bsc#1258371).
- CVE-2026-24733: improper input validation on HTTP/0.9 requests (bsc#1258385).
- CVE-2026-24734: certificate revocation bypass due to incomplete OCSP verification checks (bsc#1258387).
Changelog:
+ Fix: 69623: Additional fix for the long standing regression that meant
that calls to ClassLoader.getResource().getContent() failed when made from
within a web application with resource caching enabled if the target
resource was packaged in a JAR file....
Read the Full Advisory- openSUSE Leap 16.0:
tomcat10-10.1.52-160000.1.1
tomcat10-admin-webapps-10.1.52-160000.1.1
tomcat10-doc-10.1.52-160000.1.1
tomcat10-docs-webapp-10.1.52-160000.1.1
tomcat10-el-5_0-api-10.1.52-160000.1.1
tomcat10-embed-10.1.52-160000.1.1
tomcat10-jsp-3_1-api-10.1.52-160000.1.1
tomcat10-jsvc-10.1.52-160000.1.1
tomcat10-lib-10.1.52-160000.1.1
tomcat10-servlet-6_0-api-10.1.52-160000.1.1
tomcat10-webapps-10.1.52-160000.1.1
* bsc#1252753
* bsc#1252756
* bsc#1252905
* bsc#1253460
* bsc#1258371
* bsc#1258385
* bsc#1258387
References:
* https://www.suse.com/security/cve/CVE-2025-55752.html
* https://www.suse.com/security/cve/CVE-2025-55754.html
* https://www.suse.com/security/cve/CVE-2025-61795.html
* https://www.suse.com/security/cve/CVE-2025-66614.html
* https://www.suse.com/security/cve/CVE-2026-24733.html
* https://www.suse.com/security/cve/CVE-2026-24734.html
Get the latest Linux and open source security news straight to your inbox.