Explore top 10 tips to secure your open-source projects now. Read More
×
This update for tomcat to version 9.0.10 fixes the following issues: Security issues fixed: - CVE-2018-1336: An improper handing of overflow in the UTF-8 decoder with supplementary characters could have lead to an infinite loop in the decoder causing a Denial of Service (bsc#1102400). - CVE-2018-8014: Fix insecure default CORS filter settings (bsc#1093697). - CVE-2018-8034: The host name verification when using TLS with the WebSocket client was missing. It is now enabled by default (bsc#1102379). - CVE-2018-8037: If an async request was completed by the application at the same time as the container triggered the async timeout, a race condition existed that could have resulted in a user seeing a response intended for a different user. An additional issue was present in the
#1067720 #1093697 #1102379 #1102400 #1102410
Cross- CVE-2018-1336 CVE-2018-8014 CVE-2018-8034
CVE-2018-8037
Affected Products:
SUSE Linux Enterprise Module for Open Buildservice Development Tools 15
https://www.suse.com/security/cve/CVE-2018-1336.html
https://www.suse.com/security/cve/CVE-2018-8014.html
https://www.suse.com/security/cve/CVE-2018-8034.html
https://www.suse.com/security/cve/CVE-2018-8037.html
https://bugzilla.suse.com/1067720
https://bugzilla.suse.com/1093697
https://bugzilla.suse.com/1102379
https://bugzilla.suse.com/1102400
https://bugzilla.suse.com/1102410
Get the latest Linux and open source security news straight to your inbox.