This update for tomcat11 fixes the following issues:

Update to Tomcat 11.0.18:

* CVE-2025-66614: client certificate verification bypass due to virtual host mapping (bsc#1258371).
* CVE-2026-24733: improper input validation on HTTP/0.9 requests (bsc#1258385).
* CVE-2026-24734: certificate revocation bypass due to incomplete OCSP verification checks (bsc#1258387).
Changelog:

* Catalina
  * Fix: 69932: Fix request end access log pattern regression, which would log the start time of the request instead. (remm)
  * Fix: 69623: Additional fix for the long-standing regression that meant that calls to ClassLoader.getResource().getContent() failed when made from within a web application with resource caching enabled if the target resource was packaged in a JAR file. (markt)
  * Fix: Pull request #923: Avoid adding multiple CSRF tokens to a URL in the CsrfPreventionFilter. (schultz)
  * Fix: 69918: Ensure request parameters are correctly parsed for...

## Patch Instructions:

To install this SUSE update, use the SUSE-recommended installation methods such as YaST online_update or "zypper patch".

Alternatively, you can run the command listed for your product:
* openSUSE Leap 15.6
  zypper in -t patch SUSE-2026-877=1 openSUSE-SLE-15.6-2026-877=1
* Web and Scripting Module 15-SP7
  zypper in -t patch SUSE-SLE-Module-Web-Scripting-15-SP7-2026-877=1
* SUSE Linux Enterprise Server 15 SP6 LTSS
  zypper in -t patch SUSE-SLE-Product-SLES-15-SP6-LTSS-2026-877=1
* SUSE Linux Enterprise Server for SAP Applications 15 SP6
  zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP6-2026-877=1
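After patching, a practitioner normally verifies that the installed package really is at or above the fixed version. The following POSIX shell check is an added example, not part of the SUSE advisory or of Tomcat's tooling: it compares a tomcat11 version string (as printed by `rpm -q --qf '%{VERSION}-%{RELEASE}\n' tomcat11`) against the fixed version 11.0.18-150600.13.15.1 taken from this advisory's package list. The function names, the simplified numeric segment comparison and the older sample version string are assumptions/constructed; rpm's own rpmvercmp handles letters, tildes and carets, which this comparator does not.

```shell
#!/bin/sh
# Added example (not from the SUSE advisory): verify that the installed
# tomcat11 package is at or above the fixed version named in the advisory.
# Assumes an rpm-based host and purely numeric version/release strings;
# this is a simplified comparator, not rpm's full rpmvercmp.

FIXED_TOMCAT11="11.0.18-150600.13.15.1"   # from the advisory package list

# vercmp_segments A B : prints -1, 0 or 1 after comparing the dot/dash
# separated numeric segments of A and B; missing trailing segments count
# as 0 (so "11.0.18" sorts below "11.0.18-150600.13.15.1").
# Uses plain (global) variables to stay POSIX-portable.
vercmp_segments() {
    a=$(printf '%s' "$1" | tr '-' '.')
    b=$(printf '%s' "$2" | tr '-' '.')
    while [ -n "$a" ] || [ -n "$b" ]; do
        ah=${a%%.*}; if [ "$ah" = "$a" ]; then a=''; else a=${a#*.}; fi
        bh=${b%%.*}; if [ "$bh" = "$b" ]; then b=''; else b=${b#*.}; fi
        ah=${ah:-0}; bh=${bh:-0}
        if [ "$ah" -lt "$bh" ]; then printf '%s\n' -1; return; fi
        if [ "$ah" -gt "$bh" ]; then printf '%s\n' 1; return; fi
    done
    printf '%s\n' 0
}

# tomcat11_is_fixed INSTALLED : exit status 0 when INSTALLED is at least the
# fixed version, 1 when it is older and the patch still has to be applied.
tomcat11_is_fixed() {
    if [ "$(vercmp_segments "$1" "$FIXED_TOMCAT11")" = "-1" ]; then
        return 1
    fi
    return 0
}

# Constructed sample values standing in for the output of
#   rpm -q --qf '%{VERSION}-%{RELEASE}\n' tomcat11
# on an unpatched host (11.0.16-..., hypothetical) and a patched one.
for v in 11.0.16-150600.13.9.1 11.0.18-150600.13.15.1; do
    if tomcat11_is_fixed "$v"; then
        echo "tomcat11 $v: patched (>= $FIXED_TOMCAT11)"
    else
        echo "tomcat11 $v: VULNERABLE, apply the zypper patch above"
    fi
done
```

On a real host, replace the constructed loop values with the actual `rpm -q` output; the same check applies to the other tomcat11 subpackages in the list below, which share the 11.0.18-150600.13.15.1 version.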
* openSUSE Leap 15.6 (noarch)
  * tomcat11-jsp-4_0-api-11.0.18-150600.13.15.1
  * tomcat11-embed-11.0.18-150600.13.15.1
  * tomcat11-admin-webapps-11.0.18-150600.13.15.1
  * tomcat11-11.0.18-150600.13.15.1
  * tomcat11-el-6_0-api-11.0.18-150600.13.15.1
  * tomcat11-doc-11.0.18-150600.13.15.1
  * tomcat11-servlet-6_1-api-11.0.18-150600.13.15.1
  * tomcat11-docs-webapp-11.0.18-150600.13.15.1
  * tomcat11-jsvc-11.0.18-150600.13.15.1
  * tomcat11-lib-11.0.18-150600.13.15.1
  * tomcat11-webapps-11.0.18-150600.13.15.1
* Web and Scripting Module 15-SP7 (noarch)
  * tomcat11-jsp-4_0-api-11.0.18-150600.13.15.1
  * tomcat11-admin-webapps-11.0.18-150600.13.15.1
  * tomcat11-11.0.18-150600.13.15.1
  * tomcat11-el-6_0-api-11.0.18-150600.13.15.1
  * tomcat11-servlet-6_1-api-11.0.18-150600.13.15.1
  * tomcat11-lib-11.0.18-150600.13.15.1
  * tomcat11-webapps-11.0.18-150600.13.15.1
* SUSE Linux Enterprise Server 15 SP6 LTSS (noarch)
  * tomcat11-jsp-4_0-api-11.0.18-150600.13.15.1
  * tomcat11-admin-webapps-11.0.18-150600.13.15.1
  * tomcat11-11.0.18-150600.13.15.1
*...

* bsc#1253460
* bsc#1258371
* bsc#1258385
* bsc#1258387

## References:
* https://www.suse.com/security/cve/CVE-2025-66614.html
* https://www.suse.com/security/cve/CVE-2026-24733.html
* https://www.suse.com/security/cve/CVE-2026-24734.html
* https://bugzilla.suse.com/show_bug.cgi?id=1253460
* https://bugzilla.suse.com/show_bug.cgi?id=1258371
* https://bugzilla.suse.com/show_bug.cgi?id=1258385
* https://bugzilla.suse.com/show_bug.cgi?id=1258387