Stay Secure with the Latest Linux Advisories
Refine advisories
X Clear Filters
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Community Poll
What got you started with Linux?
Loading...
Explore Latest Linux Security advisories
We found -5 articles for you...
100
security advisorysecurity issuecriticalSUSE: 2022:0818-1 Critical: Tomcat Session Storage Issue
An update that solves one vulnerability and has one errata is now available. . SUSE Security Update: Security update for tomcat ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:0818-1 Rating: important References: #1195255 #1196137 Cross-References: CVE-2022-23181 CVSS scores: CVE-2022-23181 (NVD) : 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-23181 (SUSE): 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H Affected Products: SUSE Enterprise Storage 7 SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS SUSE Linux Enterprise High Performance Computing 15-SP3 SUSE Linux Enterprise High Performance Computing 15-SP4 SUSE Linux Enterprise Module for Web Scripting 15-SP3 SUSE Linux Enterprise Module for Web Scripting 15-SP4 SUSE Linux Enterprise Server 15-SP2-BCL SUSE Linux Enterprise Server 15-SP2-LTSS SUSE Linux Enterprise Server 15-SP3 SUSE Linux Enterprise Server 15-SP4 SUSE Linux Enterprise Server for SAP 15-SP2 SUSE Linux Enterprise Server for SAP Applications 15-SP3 SUSE Linux Enterprise Server for SAP Applications 15-SP4 SUSE Manager Proxy 4.1 SUSE Manager Proxy 4.2 SUSE Manager Retail Branch Server 4.1 SUSE Manager Server 4.1 SUSE Manager Server 4.2 ______________________________________________________________________________ An update that solves one vulnerability and has one errata is now available. Description: This update for tomcat fixes the following issues: Security issues fixed: - CVE-2022-23181:Make calculation of session storage location more robust (bsc#1195255) - Remove log4j (bsc#1196137) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Manager Server 4.1: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.1-2022-818=1 - SUSE Manager Retail Branch Server 4.1: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch-Server-4.1-2022-818=1 - SUSE Manager Proxy 4.1: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.1-2022-818=1 - SUSE Linux Enterprise Server for SAP 15-SP2: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2022-818=1 - SUSE Linux Enterprise Server 15-SP2-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2022-818=1 - SUSE Linux Enterprise Server 15-SP2-BCL: zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-BCL-2022-818=1 - SUSE Linux Enterprise Module for Web Scripting 15-SP4: zypper in -t patch SUSE-SLE-Module-Web-Scripting-15-SP4-2022-818=1 - SUSE Linux Enterprise Module for Web Scripting 15-SP3: zypper in -t patch SUSE-SLE-Module-Web-Scripting-15-SP3-2022-818=1 - SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-LTSS-2022-818=1 - SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-ESPOS-2022-818=1 - SUSE Enterprise Storage 7: zypper in -t patch SUSE-Storage-7-2022-818=1 Package List: - SUSE Manager Server 4.1 (noarch): tomcat-9.0.36-19.1 tomcat-admin-webapps-9.0.36-19.1 tomcat-el-3_0-api-9.0.36-19.1 tomcat-jsp-2_3-api-9.0.36-19.1 tomcat-lib-9.0.36-19.1 tomcat-servlet-4_0-api-9.0.36-19.1 tomcat-webapps-9.0.36-19.1 - SUSE Manager Retail Branch Server 4.1 (noarch): tomcat-9.0.36-19.1 tomcat-admin-webapps-9.0.36-19.1 tomcat-el-3_0-api-9.0.36-19.1 tomcat-jsp-2_3-api-9.0.36-19.1 tomcat-lib-9.0.36-19.1 tomcat-servlet-4_0-api-9.0.36-19.1 tomcat-webapps-9.0.36-19.1 - SUSE Manager Proxy 4.1 (noarch): tomcat-9.0.36-19.1 tomcat-admin-webapps-9.0.36-19.1 tomcat-el-3_0-api-9.0.36-19.1 tomcat-jsp-2_3-api-9.0.36-19.1 tomcat-lib-9.0.36-19.1 tomcat-servlet-4_0-api-9.0.36-19.1 tomcat-webapps-9.0.36-19.1 - SUSE Linux Enterprise Server for SAP 15-SP2 (noarch): tomcat-9.0.36-19.1 tomcat-admin-webapps-9.0.36-19.1 tomcat-el-3_0-api-9.0.36-19.1 tomcat-jsp-2_3-api-9.0.36-19.1 tomcat-lib-9.0.36-19.1 tomcat-servlet-4_0-api-9.0.36-19.1 tomcat-webapps-9.0.36-19.1 - SUSE Linux Enterprise Server 15-SP2-LTSS (noarch): tomcat-9.0.36-19.1 tomcat-admin-webapps-9.0.36-19.1 tomcat-el-3_0-api-9.0.36-19.1 tomcat-jsp-2_3-api-9.0.36-19.1 tomcat-lib-9.0.36-19.1 tomcat-servlet-4_0-api-9.0.36-19.1 tomcat-webapps-9.0.36-19.1 - SUSE Linux Enterprise Server 15-SP2-BCL (noarch): tomcat-9.0.36-19.1 tomcat-admin-webapps-9.0.36-19.1 tomcat-el-3_0-api-9.0.36-19.1 tomcat-jsp-2_3-api-9.0.36-19.1 tomcat-lib-9.0.36-19.1 tomcat-servlet-4_0-api-9.0.36-19.1 tomcat-webapps-9.0.36-19.1 - SUSE Linux Enterprise Module for Web Scripting 15-SP4 (noarch): tomcat-9.0.36-19.1 tomcat-admin-webapps-9.0.36-19.1 tomcat-el-3_0-api-9.0.36-19.1 tomcat-jsp-2_3-api-9.0.36-19.1 tomcat-lib-9.0.36-19.1 tomcat-servlet-4_0-api-9.0.36-19.1 tomcat-webapps-9.0.36-19.1 - SUSE Linux Enterprise Module for Web Scripting 15-SP3 (noarch): tomcat-9.0.36-19.1 tomcat-admin-webapps-9.0.36-19.1 tomcat-el-3_0-api-9.0.36-19.1 tomcat-jsp-2_3-api-9.0.36-19.1 tomcat-lib-9.0.36-19.1 tomcat-servlet-4_0-api-9.0.36-19.1 tomcat-webapps-9.0.36-19.1 - SUSELinux Enterprise High Performance Computing 15-SP2-LTSS (noarch): tomcat-9.0.36-19.1 tomcat-admin-webapps-9.0.36-19.1 tomcat-el-3_0-api-9.0.36-19.1 tomcat-jsp-2_3-api-9.0.36-19.1 tomcat-lib-9.0.36-19.1 tomcat-servlet-4_0-api-9.0.36-19.1 tomcat-webapps-9.0.36-19.1 - SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS (noarch): tomcat-9.0.36-19.1 tomcat-admin-webapps-9.0.36-19.1 tomcat-el-3_0-api-9.0.36-19.1 tomcat-jsp-2_3-api-9.0.36-19.1 tomcat-lib-9.0.36-19.1 tomcat-servlet-4_0-api-9.0.36-19.1 tomcat-webapps-9.0.36-19.1 - SUSE Enterprise Storage 7 (noarch): tomcat-9.0.36-19.1 tomcat-admin-webapps-9.0.36-19.1 tomcat-el-3_0-api-9.0.36-19.1 tomcat-jsp-2_3-api-9.0.36-19.1 tomcat-lib-9.0.36-19.1 tomcat-servlet-4_0-api-9.0.36-19.1 tomcat-webapps-9.0.36-19.1 References: https://www.suse.com/security/cve/CVE-2022-23181.html https://bugzilla.suse.com/1195255 https://bugzilla.suse.com/1196137 . An important SUSE security patch for tomcat has been released, focusing on a significant session management vulnerability.. SUSE Security Update, Tomcat Patch, Session Storage Fix, Software Update, Security Issue. . Severity: Important. LinuxSecurity.com Team
Mar 14, 2022
•Important
SuSE
202
security advisorytomcatimportant updateopenSUSE Leap 15.3 & 15.4: 2022:0818-1 Important: Session Storage Issue
An update that solves one vulnerability and has one errata is now available. . openSUSE Security Update: Security update for tomcat ______________________________________________________________________________ Announcement ID: openSUSE-SU-2022:0818-1 Rating: important References: #1195255 #1196137 Cross-References: CVE-2022-23181 CVSS scores: CVE-2022-23181 (NVD) : 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-23181 (SUSE): 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H Affected Products: openSUSE Leap 15.3 openSUSE Leap 15.4 ______________________________________________________________________________ An update that solves one vulnerability and has one errata is now available. Description: This update for tomcat fixes the following issues: Security issues fixed: - CVE-2022-23181: Make calculation of session storage location more robust (bsc#1195255) - Remove log4j (bsc#1196137) Patch Instructions: To install this openSUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 15.4: zypper in -t patch openSUSE-SLE-15.4-2022-818=1 - openSUSE Leap 15.3: zypper in -t patch openSUSE-SLE-15.3-2022-818=1 Package List: - openSUSE Leap 15.4 (noarch): tomcat-9.0.36-19.1 tomcat-admin-webapps-9.0.36-19.1 tomcat-docs-webapp-9.0.36-19.1 tomcat-el-3_0-api-9.0.36-19.1 tomcat-embed-9.0.36-19.1 tomcat-javadoc-9.0.36-19.1 tomcat-jsp-2_3-api-9.0.36-19.1 tomcat-jsvc-9.0.36-19.1 tomcat-lib-9.0.36-19.1 tomcat-servlet-4_0-api-9.0.36-19.1 tomcat-webapps-9.0.36-19.1 - openSUSE Leap 15.3 (noarch): tomcat-9.0.36-19.1 tomcat-admin-webapps-9.0.36-19.1 tomcat-docs-webapp-9.0.36-19.1 tomcat-el-3_0-api-9.0.36-19.1 tomcat-embed-9.0.36-19.1 tomcat-javadoc-9.0.36-19.1 tomcat-jsp-2_3-api-9.0.36-19.1 tomcat-jsvc-9.0.36-19.1 tomcat-lib-9.0.36-19.1 tomcat-servlet-4_0-api-9.0.36-19.1 tomcat-webapps-9.0.36-19.1 References: https://www.suse.com/security/cve/CVE-2022-23181.html https://bugzilla.suse.com/1195255 https://bugzilla.suse.com/1196137 . openSUSE Security Patch for Tomcat addresses a severe session management vulnerability. Ensure your system is secure with this important update.. openSUSE Security Update,tomcat patch,session storage fix,SUSE errata,software advisory. . Severity: Important. LinuxSecurity.com Team
Mar 14, 2022
•Important
OpenSUSE
200
security advisorytomcatRCESciLinux: SLSA-2020-2530-1 Important: Tomcat RCE Deserialization Flaw
tomcat: deserialization flaw in session persistence storage leading to RCE (CVE-2020-9484) SL7 noarch tomcat-servlet-3.0-api-7.0.76-12.el7_8.noarch.rpm tomcat-7.0.76-12.el7_8.noarch.rpm tomcat-admin-webapps-7.0.76-12.el7_8.noarch.rpm tomcat-docs-webapp-7.0.76-12.el7_8.noarch.rpm tomcat-el-2.2-api-7.0.76-12.el7_8.noarch.rpm tomcat-javadoc-7.0.76-12.el7_8.noarch.rpm [More...]. Synopsis: Important: tomcat security update Advisory ID: SLSA-2020:2530-1 Issue Date: 2020-06-11 CVE Numbers: None -- Security Fix(es): * tomcat: deserialization flaw in session persistence storage leading to RCE (CVE-2020-9484) -- SL7 noarch tomcat-servlet-3.0-api-7.0.76-12.el7_8.noarch.rpm tomcat-7.0.76-12.el7_8.noarch.rpm tomcat-admin-webapps-7.0.76-12.el7_8.noarch.rpm tomcat-docs-webapp-7.0.76-12.el7_8.noarch.rpm tomcat-el-2.2-api-7.0.76-12.el7_8.noarch.rpm tomcat-javadoc-7.0.76-12.el7_8.noarch.rpm tomcat-jsp-2.2-api-7.0.76-12.el7_8.noarch.rpm tomcat-jsvc-7.0.76-12.el7_8.noarch.rpm tomcat-lib-7.0.76-12.el7_8.noarch.rpm tomcat-webapps-7.0.76-12.el7_8.noarch.rpm - Scientific Linux Development Team . Crucial Apache Tomcat security patch released for SL7 correcting a severe session management vulnerability that poses remote code execution risks.. tomcat update, RCE threat, session persistence issue, security advisory. . Severity: Important. LinuxSecurity.com Team
Jun 11, 2020
•Important
Scientific Linux
98
security advisoryupdatered hatRed Hat Enterprise Linux 6 RHSA-2020-2529-01 Important: Tomcat6 RCE
An update for tomcat6 is now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 ==================================================================== Red Hat Security Advisory Synopsis: Important: tomcat6 security update Advisory ID: RHSA-2020:2529-01 Product: Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2020:2529 Issue date: 2020-06-11 CVE Names: CVE-2020-9484 ==================================================================== 1. Summary: An update for tomcat6 is now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux Desktop Optional (v. 6) - noarch Red Hat Enterprise Linux HPC Node Optional (v. 6) - noarch Red Hat Enterprise Linux Server (v. 6) - noarch Red Hat Enterprise Linux Server Optional (v. 6) - noarch Red Hat Enterprise Linux Workstation (v. 6) - noarch Red Hat Enterprise Linux Workstation Optional (v. 6) - noarch 3. Description: Apache Tomcat is a servlet container for the Java Servlet and JavaServer Pages (JSP) technologies. Security Fix(es): * tomcat: deserialization flaw in session persistence storage leading to RCE (CVE-2020-9484) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. 4. Solution: For details on how to apply this update, which includes the changes described in thisadvisory, refer to: https://access.redhat.com/articles/11258 5. Bugs fixed (https://bugzilla.redhat.com/): 1838332 - CVE-2020-9484 tomcat: deserialization flaw in session persistence storage leading to RCE 6. Package List: Red Hat Enterprise Linux Desktop Optional (v. 6): Source: tomcat6-6.0.24-115.el6_10.src.rpm noarch: tomcat6-6.0.24-115.el6_10.noarch.rpm tomcat6-admin-webapps-6.0.24-115.el6_10.noarch.rpm tomcat6-docs-webapp-6.0.24-115.el6_10.noarch.rpm tomcat6-el-2.1-api-6.0.24-115.el6_10.noarch.rpm tomcat6-javadoc-6.0.24-115.el6_10.noarch.rpm tomcat6-jsp-2.1-api-6.0.24-115.el6_10.noarch.rpm tomcat6-lib-6.0.24-115.el6_10.noarch.rpm tomcat6-servlet-2.5-api-6.0.24-115.el6_10.noarch.rpm tomcat6-webapps-6.0.24-115.el6_10.noarch.rpm Red Hat Enterprise Linux HPC Node Optional (v. 6): Source: tomcat6-6.0.24-115.el6_10.src.rpm noarch: tomcat6-6.0.24-115.el6_10.noarch.rpm tomcat6-admin-webapps-6.0.24-115.el6_10.noarch.rpm tomcat6-docs-webapp-6.0.24-115.el6_10.noarch.rpm tomcat6-el-2.1-api-6.0.24-115.el6_10.noarch.rpm tomcat6-javadoc-6.0.24-115.el6_10.noarch.rpm tomcat6-jsp-2.1-api-6.0.24-115.el6_10.noarch.rpm tomcat6-lib-6.0.24-115.el6_10.noarch.rpm tomcat6-servlet-2.5-api-6.0.24-115.el6_10.noarch.rpm tomcat6-webapps-6.0.24-115.el6_10.noarch.rpm Red Hat Enterprise Linux Server (v. 6): Source: tomcat6-6.0.24-115.el6_10.src.rpm noarch: tomcat6-6.0.24-115.el6_10.noarch.rpm tomcat6-el-2.1-api-6.0.24-115.el6_10.noarch.rpm tomcat6-jsp-2.1-api-6.0.24-115.el6_10.noarch.rpm tomcat6-lib-6.0.24-115.el6_10.noarch.rpm tomcat6-servlet-2.5-api-6.0.24-115.el6_10.noarch.rpm Red Hat Enterprise Linux Server Optional (v. 6): noarch: tomcat6-admin-webapps-6.0.24-115.el6_10.noarch.rpm tomcat6-docs-webapp-6.0.24-115.el6_10.noarch.rpm tomcat6-javadoc-6.0.24-115.el6_10.noarch.rpm tomcat6-webapps-6.0.24-115.el6_10.noarch.rpm Red Hat Enterprise Linux Workstation (v.6): Source: tomcat6-6.0.24-115.el6_10.src.rpm noarch: tomcat6-6.0.24-115.el6_10.noarch.rpm tomcat6-el-2.1-api-6.0.24-115.el6_10.noarch.rpm tomcat6-jsp-2.1-api-6.0.24-115.el6_10.noarch.rpm tomcat6-lib-6.0.24-115.el6_10.noarch.rpm tomcat6-servlet-2.5-api-6.0.24-115.el6_10.noarch.rpm Red Hat Enterprise Linux Workstation Optional (v. 6): noarch: tomcat6-admin-webapps-6.0.24-115.el6_10.noarch.rpm tomcat6-docs-webapp-6.0.24-115.el6_10.noarch.rpm tomcat6-javadoc-6.0.24-115.el6_10.noarch.rpm tomcat6-webapps-6.0.24-115.el6_10.noarch.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 7. References: https://access.redhat.com/security/cve/CVE-2020-9484 https://access.redhat.com/security/updates/classification/#important 8. Contact: The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/ Copyright 2020 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIVAwUBXuIAOtzjgjWX9erEAQircxAAiJgOBZ2LET65r7XgAUP0MKNR8/ftKZkx VCnUU/yGylYEi5x7PODw8u/wGpmgbaC6rOfsHOETf/SEeUII2CgBUrK4A84/+ySc hxxUZJYJju5F2GcUsneictfVRJhdgehZuD/1Xa8M+x39TwAOqEH6U6+lKjZjCZCE oGLm8zXXePN21rsuF342CsI1/Z0ecCbYZgsIbvNksmtFWkqAsoprJNOJX7mz8QSd wd/mo85aWcL3e3EO9hClLD6wsX4UiiEn6zkuWgtucgqhaX8DnCwRh6aRHvHZBUtO TC+F2gmxl6jqFqK3Yy9Q7VYY5Cf7eeePzDgIVdPOuNuxNQh1y6QIPe+rt1WqNhaF +p+WgjB1GTRoUIQKQ3XwvI4zBypD01ZnZLUicUBMhenOBm8DfeYZ4UusMrJi3AVs rj7ElHVQtBT5S2SkF7RJGPcFV6/UY0XatHHZMZ19ugwiOED+uCpCO3EH/lQbAOLf Ei5Wb6a9uyNGfp/qFuHPzQzGlYr3EVwiv6EL0ME8tclXzV38LWEllQHAAkjGrYv/ xPDFbY4uvK9w26hQyqElycB4wJcn6c3i5D05TDUg92fE+TQ5O9nFlcDV3E+VafoZ sP45dVLPlUh307m/OhCgctbqLcnLef/mQJrUzwc3FR6/AI+R5WAekP47OEJd/Min JP21Ib3I3uM=oD9n -----END PGP SIGNATURE----- -- RHSA-announce mailing list
Jun 11, 2020
•Important
Red Hat
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Community Poll
What got you started with Linux?
Search Topics
Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!