Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 436
Alerts This Week
Warning Icon 1 436

SUSE: 2018:3261-1 Moderate: Tomcat Security Issues Fixed

suse
Calendar Grey October 19, 2018
Dist Suse Esm H88
SUSE Security Advisory for postgresql addresses several vulnerabilities. Notice ID: SUSE-SA-2023:4578-2.
An update that fixes 7 vulnerabilities is now available

Summary

This update for tomcat fixes the following issues: Version update to 7.0.90: - Another bugfix release, for full details see: https://tomcat.apache.org/tomcat-7.0-doc/changelog.html Security issues fixed: - CVE-2018-11784: When the default servlet in Apache Tomcat returned a redirect to a directory (e.g. redirecting to '/foo/' when the user requested '/foo') a specially crafted URL could be used to cause the redirect to be generated to any URI of the attackers choice. (bsc#1110850) - CVE-2017-15706: As part of the fix for bug 61201, the documentation for Apache Tomcat included an updated description of the search algorithm used by the CGI Servlet to identify which script to execute. The update was not correct. As a result, some scripts may have failed to execute as

References

#1078677 #1082480 #1082481 #1093697 #1102379

#1102400 #1110850

Cross- CVE-2017-15706 CVE-2018-11784 CVE-2018-1304

CVE-2018-1305 CVE-2018-1336 CVE-2018-8014

CVE-2018-8034

Affected Products:

SUSE Linux Enterprise Server 12-LTSS

https://www.suse.com/security/cve/CVE-2017-15706.html

https://www.suse.com/security/cve/CVE-2018-11784.html

https://www.suse.com/security/cve/CVE-2018-1304.html

https://www.suse.com/security/cve/CVE-2018-1305.html

https://www.suse.com/security/cve/CVE-2018-1336.html

https://www.suse.com/security/cve/CVE-2018-8014.html

https://www.suse.com/security/cve/CVE-2018-8034.html

https://bugzilla.suse.com/1078677

https://bugzilla.suse.com/1082480

https://bugzilla.suse.com/1082481

Announcement ID: SUSE-SU-2018:3261-1
Rating: moderate

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.