
SUSE Linux Server 16.0 Tomcat Important Update 2026-21378-1

suse
April 28, 2026
This SUSE update for tomcat, rated important, addresses multiple vulnerabilities.
An update that solves 11 vulnerabilities can now be installed.

Summary

This update for tomcat fixes the following issues:

* CVE-2026-24880: Request smuggling via invalid chunk extension (bsc#1261850).

* CVE-2026-25854: Occasional open redirect (bsc#1261851).

* CVE-2026-29129: TLS cipher order is not preserved (bsc#1261852).

* CVE-2026-29145: OCSP checks sometimes soft-fail even when soft-fail is disabled (bsc#1261853).

* CVE-2026-29146, CVE-2026-34486: Fix for allowed bypass of EncryptInterceptor (bsc#1261854).

* CVE-2026-34483: Incomplete escaping of JSON access logs (bsc#1261855).

* CVE-2026-34487: Cloud membership for clustering component exposed the Kubernetes bearer token (bsc#1261856).

* CVE-2026-34500: OCSP checks sometimes soft-fail with FFM even when soft-fail is disabled (bsc#1261857).

References

* bsc#1258371

* bsc#1261850

* bsc#1261851

* bsc#1261852

* bsc#1261853

* bsc#1261854

* bsc#1261855

* bsc#1261856

* bsc#1261857

Cross-

* CVE-2025-66614

* CVE-2026-24880

* CVE-2026-25854

* CVE-2026-29129

* CVE-2026-29145

* CVE-2026-29146

* CVE-2026-32990

* CVE-2026-34483

* CVE-2026-34486

* CVE-2026-34487

* CVE-2026-34500

CVSS scores:

* CVE-2025-66614 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N

* CVE-2025-66614 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

* CVE-2025-66614 ( NVD ): 7.6 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:L

* CVE-2025-66614 ( NVD ): 9.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

* CVE-2026-24880 ( SUSE ): 6.3 CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N

Severity
important

Announcement ID: SUSE-SU-2026:21378-1
Release Date: 2026-04-22T10:52:20Z
Rating: important
