
SUSE Tomcat16 Essential Protection Patch SUSE-SU-2026-40931-2

April 1, 2026
An important SUSE advisory for tomcat11 addresses three critical issues. Install the latest patches to enhance security.
An update that solves three vulnerabilities and has one fix can now be installed.

Summary

This update for tomcat11 fixes the following issues:

Update to Tomcat 11.0.18:

* CVE-2025-66614: client certificate verification bypass due to virtual host mapping (bsc#1258371).
* CVE-2026-24733: improper input validation on HTTP/0.9 requests (bsc#1258385).
* CVE-2026-24734: certificate revocation bypass due to incomplete OCSP verification checks (bsc#1258387).

Changelog:

* Fix: 69932: Fix request end access log pattern regression, which would log the start time of the request instead. (remm)
* Fix: 69623: Additional fix for the long standing regression that meant that calls to ClassLoader.getResource().getContent() failed when made from within a web application with resource caching enabled if the target resource was packaged in a JAR file. (markt)

References

* bsc#1253460

* bsc#1258371

* bsc#1258385

* bsc#1258387

Cross-

* CVE-2025-66614

* CVE-2026-24733

* CVE-2026-24734

CVSS scores:

* CVE-2025-66614 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N

* CVE-2025-66614 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

* CVE-2025-66614 ( NVD ): 9.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

* CVE-2025-66614 ( NVD ): 7.6 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:L

* CVE-2026-24733 ( SUSE ): 6.3 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N

* CVE-2026-24733 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

* CVE-2026-24733 ( NVD ): 3.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N

* CVE-2026-24733 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

Severity
important

Announcement ID: SUSE-SU-2026:20926-1
Release Date: 2026-03-24T16:08:32Z
Rating: important
