
openSUSE Leap 16.0 Tomcat Important Issues Fixed 20350-1

openSUSE, March 14, 2026
Addressing three important vulnerabilities in openSUSE's tomcat, including input validation and revocation issues. Immediate action is advised.
An update that solves 3 vulnerabilities and has 4 bug fixes can now be installed.

Description

This update for tomcat fixes the following issues:

Update to Tomcat 9.0.115:

- CVE-2025-66614: client certificate verification bypass due to virtual host mapping (bsc#1258371).
- CVE-2026-24733: improper input validation on HTTP/0.9 requests (bsc#1258385).
- CVE-2026-24734: certificate revocation bypass due to incomplete OCSP verification checks (bsc#1258387).

* Catalina
  + Fix: 69623: Additional fix for the long standing regression that meant that calls to ClassLoader.getResource().getContent() failed when made from within a web application with resource caching enabled if the target resource was packaged in a JAR file. (markt)
  + Fix: Pull request #923: Avoid adding multiple CSRF tokens to a URL in the CsrfPreventionFilter. (schultz)
  + Fix: 69918: Ensure request parameters are correctly parsed for HTTP/2 requests when the content-length header is not set. (dsoumis)
  + Update: Update the minimum and recommended versions for Tomcat Native to 1.3.4. (markt)
  + Add: Add a new...


Patch

Package List

- openSUSE Leap 16.0:
  tomcat-9.0.115-160000.1.1
  tomcat-admin-webapps-9.0.115-160000.1.1
  tomcat-docs-webapp-9.0.115-160000.1.1
  tomcat-el-3_0-api-9.0.115-160000.1.1
  tomcat-embed-9.0.115-160000.1.1
  tomcat-javadoc-9.0.115-160000.1.1
  tomcat-jsp-2_3-api-9.0.115-160000.1.1
  tomcat-jsvc-9.0.115-160000.1.1
  tomcat-lib-9.0.115-160000.1.1
  tomcat-servlet-4_0-api-9.0.115-160000.1.1
  tomcat-webapps-9.0.115-160000.1.1
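To turn the package list above into an actionable check, the following added example (not part of the advisory, nor openSUSE's tooling) compares installed Tomcat package versions against the fixed version using rpm's own segment-wise version ordering rather than a plain string comparison, which would wrongly rank 9.0.99 above 9.0.115. It assumes input in the shape produced by `rpm -qa --qf '%{NAME} %{VERSION}-%{RELEASE}\n'`; the sample lines embedded below are constructed, and the comparison deliberately ignores Epoch and the `~`/`^` pre-release markers, which none of the listed packages use.

```python
import re

# Fixed VERSION-RELEASE from the advisory's Package List (openSUSE Leap 16.0).
# Every listed package ships at the same version.
FIXED_VR = "9.0.115-160000.1.1"
FIXED_VERSIONS = {
    name: FIXED_VR
    for name in (
        "tomcat", "tomcat-admin-webapps", "tomcat-docs-webapp",
        "tomcat-el-3_0-api", "tomcat-embed", "tomcat-javadoc",
        "tomcat-jsp-2_3-api", "tomcat-jsvc", "tomcat-lib",
        "tomcat-servlet-4_0-api", "tomcat-webapps",
    )
}


def rpmvercmp(a: str, b: str) -> int:
    """Compare two version (or release) strings with rpm's segment rules.

    Alphanumeric segments are compared one at a time: numeric segments as
    integers, alphabetic segments lexically, and a numeric segment ranks newer
    than an alphabetic one. Returns -1 (a older), 0 (equal) or 1 (a newer).
    Simplification: Epoch and the '~' / '^' markers are not handled.
    """
    if a == b:
        return 0
    i = j = 0
    while i < len(a) and j < len(b):
        # Skip separators ('.', '-', '_', ...): anything that is not alphanumeric.
        while i < len(a) and not a[i].isalnum():
            i += 1
        while j < len(b) and not b[j].isalnum():
            j += 1
        if i >= len(a) or j >= len(b):
            break
        # Take a run of the same character class (digits or letters) from both.
        if a[i].isdigit():
            isnum = True
            ma, mb = re.match(r"[0-9]+", a[i:]), re.match(r"[0-9]+", b[j:])
        else:
            isnum = False
            ma, mb = re.match(r"[a-zA-Z]+", a[i:]), re.match(r"[a-zA-Z]+", b[j:])
        sa = ma.group(0)
        if mb is None:
            # Different segment types at this position: numeric sorts newer.
            return 1 if isnum else -1
        sb = mb.group(0)
        i, j = i + len(sa), j + len(sb)
        if isnum:
            # Compare as integers: strip leading zeros, then longer run wins.
            sa, sb = sa.lstrip("0"), sb.lstrip("0")
            if len(sa) != len(sb):
                return 1 if len(sa) > len(sb) else -1
        if sa != sb:
            return 1 if sa > sb else -1
    if i >= len(a) and j >= len(b):
        return 0
    # Whichever string still has segments left over is the newer one.
    return -1 if i >= len(a) else 1


def _split_vr(s: str) -> tuple:
    """Split 'VERSION-RELEASE' on the last dash; a bare version has no release."""
    if "-" in s:
        v, r = s.rsplit("-", 1)
        return v, r
    return s, ""


def rpm_evr_cmp(a: str, b: str) -> int:
    """Compare two 'VERSION-RELEASE' strings: version first, then release."""
    va, ra = _split_vr(a)
    vb, rb = _split_vr(b)
    return rpmvercmp(va, vb) or rpmvercmp(ra, rb)


def is_vulnerable(installed_vr: str, fixed_vr: str) -> bool:
    """True when the installed VERSION-RELEASE is older than the fixed one."""
    return rpm_evr_cmp(installed_vr, fixed_vr) < 0


def audit(rpm_qa_output: str) -> list:
    """Parse 'NAME VERSION-RELEASE' lines and return (name, installed, fixed)
    for every advisory package that is installed below the fixed version."""
    needs_update = []
    for line in rpm_qa_output.splitlines():
        line = line.strip()
        if not line:
            continue
        name, _, vr = line.partition(" ")
        fixed = FIXED_VERSIONS.get(name)
        if fixed is not None and is_vulnerable(vr, fixed):
            needs_update.append((name, vr, fixed))
    return needs_update


# Constructed sample: two packages one release behind, one current,
# one ahead of the advisory, and one unrelated package.
SAMPLE_RPM_QA = """\
tomcat 9.0.114-160000.1.1
tomcat-lib 9.0.114-160000.1.1
tomcat-webapps 9.0.115-160000.1.1
tomcat-servlet-4_0-api 9.0.115-160000.1.2
openssl-3 3.2.3-160000.1.1
"""

if __name__ == "__main__":
    for name, installed, fixed in audit(SAMPLE_RPM_QA):
        print(f"{name}: installed {installed}, fixed in {fixed}")
```

On a real host, feed the output of `rpm -qa --qf '%{NAME} %{VERSION}-%{RELEASE}\n'` to `audit()`; a non-empty result means the advisory still applies to that system.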

References

* bsc#1253460
* bsc#1258371
* bsc#1258385
* bsc#1258387
* https://www.suse.com/security/cve/CVE-2025-66614.html
* https://www.suse.com/security/cve/CVE-2026-24733.html
* https://www.suse.com/security/cve/CVE-2026-24734.html

Severity: important

Announcement ID: openSUSE-SU-2026:20350-1
Rating: important
Affected Products: openSUSE Leap 16.0
