SUSE: 2023:5116-2 Critical: Apache HTTP Server Vulnerability Alert

This update for tomcat fixes the following issues: Security issues fixed: - CVE-2017-5664: A problem in handling error pages was fixed, to avoid potential file overwrites during error page handling. (bsc#1042910). - CVE-2017-7674: A CORS Filter issue could lead to client and server side cache poisoning (bsc#1053352) - CVE-2017-12617: A remote code execution possibility via JSP Upload was fixed (bsc#1059554) Non security issues fixed: - Fix tomcat-digest classpath error (bsc#977410) - Read setenv.sh when starting Tomcat with catalina.sh (bsc#1002639) - Fix packaged /etc/alternatives symlinks for api libs that caused rpm -V to report link mismatch (bsc#1019016) Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: