SUSE: 2024:1345-1 critical update: tomcat denial of service vulnerabilities

SUSE | April 18, 2024
This update moves Tomcat to 9.0.87 and fixes two remotely triggerable denial-of-service vulnerabilities, one in HTTP/2 header validation and one in WebSocket connection handling. Affected servers should be updated.

Summary

This update for tomcat fixes the following issues:

* CVE-2024-24549: Fixed denial of service during header validation for HTTP/2 stream (bsc#1221386)

* CVE-2024-23672: Fixed denial of service due to malicious WebSocket client keeping connection open (bsc#1221385)

Other fixes:

- Update to Tomcat 9.0.87
  * Catalina
    + Fix: Minor performance improvement for building filter chains. Based on ideas from #702 by Luke Miao. (remm)
    + Fix: Align error handling for Writer and OutputStream. Ensure use of either once the response has been recycled triggers a NullPointerException provided that discardFacades is configured with the default value of true. (markt)
    + Fix: 68692: The standard thread pool implementations that are configured using the Executor element now

References

* bsc#1221385

* bsc#1221386

Cross-References:

* CVE-2024-23672

* CVE-2024-24549

CVSS scores:

* CVE-2024-23672 (SUSE): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

* CVE-2024-24549 (SUSE): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Affected Products:

* Development Tools Module 15-SP5

* openSUSE Leap 15.5

* SUSE Enterprise Storage 7.1

* SUSE Linux Enterprise Desktop 15 SP4 LTSS 15-SP4

* SUSE Linux Enterprise Desktop 15 SP5

* SUSE Linux Enterprise High Performance Computing 15 SP2

* SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2

* SUSE Linux Enterprise High Performance Computing 15 SP3

* SUSE Linux Enterprise High Performance Computing 15 SP4

* SUSE Linux Enterprise High Performance Computing 15 SP5

* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4

Severity: critical

Announcement ID: SUSE-SU-2024:1345-1
Rating: important
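Since this advisory delivers the fix as a version bump to Tomcat 9.0.87, the practical check on an affected host is whether the installed tomcat package is at or above that version. The script below is an added example for this page, not part of the SUSE advisory or the Tomcat project: it implements a POSIX-sh dotted-version comparison, classifies a version string as fixed or vulnerable against the constant FIXED_VERSION (9.0.87, taken from the advisory), and, only when rpm is present, queries the installed tomcat package with it. The function and variable names are the example's own.

```shell
#!/bin/sh
# Added example (not from the SUSE advisory): report whether an installed
# tomcat package carries the 9.0.87 update that fixes CVE-2024-24549 and
# CVE-2024-23672 on SUSE products.

FIXED_VERSION="9.0.87"   # first version containing both fixes, per the advisory

# version_ge A B: succeed when dotted version A is >= B, comparing numeric
# fields left to right; a missing trailing field counts as 0 (9.0 < 9.0.87).
# A trailing dot is appended so cut always sees a delimiter, even for "9".
version_ge() {
    i=1
    while :; do
        x=$(printf '%s.' "$1" | cut -d. -f"$i")
        y=$(printf '%s.' "$2" | cut -d. -f"$i")
        # both strings exhausted: every field was equal
        if [ -z "$x" ] && [ -z "$y" ]; then return 0; fi
        x=${x:-0}
        y=${y:-0}
        if [ "$x" -gt "$y" ]; then return 0; fi
        if [ "$x" -lt "$y" ]; then return 1; fi
        i=$((i + 1))
    done
}

# tomcat_status VERSION: print "fixed" or "vulnerable" for a tomcat version
# string as reported by rpm's %{VERSION} tag (release suffix not included).
tomcat_status() {
    if version_ge "$1" "$FIXED_VERSION"; then
        echo fixed
    else
        echo vulnerable
    fi
}

# On a real SUSE host, read the installed version from rpm. The query is
# skipped when rpm is absent or the tomcat package is not installed, so the
# script also runs offline on a machine without Tomcat.
if command -v rpm >/dev/null 2>&1; then
    installed=$(rpm -q --qf '%{VERSION}\n' tomcat 2>/dev/null) &&
        echo "tomcat $installed: $(tomcat_status "$installed")"
fi
```

The version comparison is deliberately numeric rather than a string compare, so 9.0.100 is correctly ranked above 9.0.87. It only answers the question this advisory poses (is the package at least 9.0.87); for updates that backport a fix without changing the upstream version, the package changelog (`rpm -q --changelog tomcat`) is the place to look for the CVE identifiers instead.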
