Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 584
Alerts This Week
Warning Icon 1 584

SUSE Linux Enterprise 2021:0040-1 Moderate: Tomcat HTTP/2 Issues Fix

suse
Calendar Grey January 7, 2021
Scroller Suse
An upgrade for tomcat addresses several concerns and introduces multiple remedies on SUSE Linux Enterprise, boosting overall system performance.
An update that solves two vulnerabilities and has three fixes is now available

Summary

This update for tomcat fixes the following issues: Security issues fixed: - CVE-2020-13943: Fixed a HTTP/2 Request mix-up (bsc#1177582). - CVE-2020-17527: Fixed a HTTP/2 request header mix-up (bsc#1179602). Non-security issue fixed: - Removed tomcat-9.0.init and /usr/lib/tmpfiles.d/tomcat.conf from package. They're not used anymore becuse of systemd (bsc#1178396). - Fixed 'tomcat-servlet-4_0-api' package alternatives to use and keep a symlink for compatibility (bsc#1092163). - Don't give write permissions for the tomcat group on files and directories where it's not needed (bsc#1172562). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product:

References

#1092163 #1172562 #1177582 #1178396 #1179602

Cross- CVE-2020-13943 CVE-2020-17527

Affected Products:

SUSE Linux Enterprise Server for SAP 15

SUSE Linux Enterprise Server 15-LTSS

SUSE Linux Enterprise High Performance Computing 15-LTSS

SUSE Linux Enterprise High Performance Computing 15-ESPOS

https://www.suse.com/security/cve/CVE-2020-13943.html

https://www.suse.com/security/cve/CVE-2020-17527.html

https://bugzilla.suse.com/1092163

https://bugzilla.suse.com/1172562

https://bugzilla.suse.com/1177582

https://bugzilla.suse.com/1178396

https://bugzilla.suse.com/1179602

Announcement ID: SUSE-SU-2021:0040-1
Rating: moderate

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.