Alerts This Week
Warning Icon 1 1,149
Alerts This Week
Warning Icon 1 1,149

SUSE 16.0 Tomcat10 Important Security Update 2026-21379-1

suse
Calendar Grey April 28, 2026
Dist Suse Esm H88
SUSE's important update for tomcat10 addresses 11 issues, including request smuggling and more. Stay secure!
An update that solves 11 vulnerabilities can now be installed.

Summary

## This update for tomcat10 fixes the following issues: * Update to Tomcat 10.1.54 * CVE-2026-24880: Request smuggling via invalid chunk extension (bsc#1261850). * CVE-2026-25854: Occasionally open redirect (bsc#1261851). * CVE-2026-29129: TLS cipher order is not preserved (bsc#1261852). * CVE-2026-29145: OCSP checks sometimes soft-fail even when soft-fail is disabled (bsc#1261853). * CVE-2026-29146,CVE-2026-34486: Fix for allowed bypass of EncryptInterceptor (bsc#1261854). * CVE-2026-34483: Incomplete escaping of JSON access logs (bsc#1261855). * CVE-2026-34487: Cloud membership for clustering component exposed the Kubernetes bearer token (bsc#1261856). * CVE-2026-34500: OCSP checks sometimes soft-fail with FFM even when soft-fail is disabled (bsc#1261857).

References

* bsc#1258371

* bsc#1261850

* bsc#1261851

* bsc#1261852

* bsc#1261853

* bsc#1261854

* bsc#1261855

* bsc#1261856

* bsc#1261857

Cross-

* CVE-2025-66614

* CVE-2026-24880

* CVE-2026-25854

* CVE-2026-29129

* CVE-2026-29145

* CVE-2026-29146

* CVE-2026-32990

* CVE-2026-34483

* CVE-2026-34486

* CVE-2026-34487

* CVE-2026-34500

CVSS scores:

* CVE-2025-66614 ( SUSE ): 8.7

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N

* CVE-2025-66614 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

* CVE-2025-66614 ( NVD ): 7.6 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:L

* CVE-2025-66614 ( NVD ): 9.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

* CVE-2026-24880 ( SUSE ): 6.3

CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N

Severity
important
Lowest
Low
Medium
High
Critical

Announcement ID: SUSE-SU-2026:21379-1
Release Date: 2026-04-22T10:52:20Z
Rating: important

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here