SUSE: 2018:2699-1 Moderate: Tomcat Denial Of Service And Security Fixes
suse
September 13, 2018
An update that solves four vulnerabilities and has two fixes is now available
Summary
This update for tomcat to 8.0.53 fixes the following issues: Security issue fixed: - CVE-2018-1336: An improper handing of overflow in the UTF-8 decoder with supplementary characters could have lead to an infinite loop in the decoder causing a Denial of Service (bsc#1102400). - CVE-2018-8034: The host name verification when using TLS with the WebSocket client was missing. It is now enabled by default (bsc#1102379). - CVE-2018-8037: If an async request was completed by the application at the same time as the container triggered the async timeout, a race condition existed that could have resulted in a user seeing a response intended for a different user. An additional issue was present in the NIO and NIO2 connectors that did not correctly track the closure of the
Topics Covered
References
#1067720 #1093697 #1095472 #1102379 #1102400
#1102410
Cross- CVE-2018-1336 CVE-2018-8014 CVE-2018-8034
CVE-2018-8037
Affected Products:
SUSE Linux Enterprise Server 12-SP3
https://www.suse.com/security/cve/CVE-2018-1336.html
https://www.suse.com/security/cve/CVE-2018-8014.html
https://www.suse.com/security/cve/CVE-2018-8034.html
https://www.suse.com/security/cve/CVE-2018-8037.html
https://bugzilla.suse.com/1067720
https://bugzilla.suse.com/1093697
https://bugzilla.suse.com/1095472
https://bugzilla.suse.com/1102379
https://bugzilla.suse.com/1102400
https://bugzilla.suse.com/1102410
PREVIOUS
NEXT
Announcement ID: SUSE-SU-2018:2699-1
Rating: moderate
Topics Covered
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Related News
Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!