
Explore Latest Linux Security advisories

openSUSE 15.6: SUSE-SU-2025:1537-1 important: tomcat10 security update

# Security update for tomcat10

Announcement ID: SUSE-SU-2025:1537-1
Release Date: 2025-05-13T02:49:24Z
Rating: important
References: bsc#1242008, bsc#1242009
Cross-References: CVE-2025-31650, CVE-2025-31651

CVSS scores:
* CVE-2025-31650 (SUSE): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2025-31650 (SUSE): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-31650 (NVD): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-31651 (SUSE): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
* CVE-2025-31651 (SUSE): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
* CVE-2025-31651 (NVD): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Affected Products:
* openSUSE Leap 15.6
* SUSE Linux Enterprise High Performance Computing 15 SP5
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP5
* SUSE Linux Enterprise Server 15 SP5
* SUSE Linux Enterprise Server 15 SP5 LTSS
* SUSE Linux Enterprise Server 15 SP6
* SUSE Linux Enterprise Server for SAP Applications 15 SP5
* SUSE Linux Enterprise Server for SAP Applications 15 SP6
* Web and Scripting Module 15-SP6

An update that solves two vulnerabilities can now be installed.

## Description:

This update for tomcat10 fixes the following issues:

Update to Tomcat 10.1.40
* CVE-2025-31650: invalid priority field values should be ignored (bsc#1242008)
* CVE-2025-31651: Better handling of URLs with literal ';' and '?' (bsc#1242009)

Full changelog: https://tomcat.apache.org/tomcat-10.1-doc/changelog.html

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product:
* openSUSE Leap 15.6: zypper in -t patch openSUSE-SLE-15.6-2025-1537=1
* Web and Scripting Module 15-SP6: zypper in -t patch SUSE-SLE-Module-Web-Scripting-15-SP6-2025-1537=1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5: zypper in -t patch SUSE-SLE-Product-HPC-15-SP5-ESPOS-2025-1537=1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP5: zypper in -t patch SUSE-SLE-Product-HPC-15-SP5-LTSS-2025-1537=1
* SUSE Linux Enterprise Server 15 SP5 LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-SP5-LTSS-2025-1537=1
* SUSE Linux Enterprise Server for SAP Applications 15 SP5: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP5-2025-1537=1

## Package List:

* openSUSE Leap 15.6 (noarch): tomcat10-jsvc-10.1.40-150200.5.40.1, tomcat10-embed-10.1.40-150200.5.40.1, tomcat10-jsp-3_1-api-10.1.40-150200.5.40.1, tomcat10-admin-webapps-10.1.40-150200.5.40.1, tomcat10-servlet-6_0-api-10.1.40-150200.5.40.1, tomcat10-el-5_0-api-10.1.40-150200.5.40.1, tomcat10-docs-webapp-10.1.40-150200.5.40.1, tomcat10-lib-10.1.40-150200.5.40.1, tomcat10-doc-10.1.40-150200.5.40.1, tomcat10-webapps-10.1.40-150200.5.40.1, tomcat10-10.1.40-150200.5.40.1
* Web and Scripting Module 15-SP6, SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5, SUSE Linux Enterprise High Performance Computing LTSS 15 SP5, SUSE Linux Enterprise Server 15 SP5 LTSS and SUSE Linux Enterprise Server for SAP Applications 15 SP5 (noarch, same set for each): tomcat10-jsp-3_1-api-10.1.40-150200.5.40.1, tomcat10-admin-webapps-10.1.40-150200.5.40.1, tomcat10-servlet-6_0-api-10.1.40-150200.5.40.1, tomcat10-el-5_0-api-10.1.40-150200.5.40.1, tomcat10-lib-10.1.40-150200.5.40.1, tomcat10-webapps-10.1.40-150200.5.40.1, tomcat10-10.1.40-150200.5.40.1

## References:

* https://www.suse.com/security/cve/CVE-2025-31650.html
* https://www.suse.com/security/cve/CVE-2025-31651.html
* https://bugzilla.suse.com/show_bug.cgi?id=1242008
* https://bugzilla.suse.com/show_bug.cgi?id=1242009

An essential patch for tomcat10 resolves vulnerabilities CVE-2025-31650 and CVE-2025-31651 affecting openSUSE. Detailed information on the fixes included is available. Severity: Important. LinuxSecurity.com Team

May 13, 2025 | Important | openSUSE
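The patch instructions above give the zypper command per product, but on a fleet the first question is which hosts still carry an older build. The following is an added example, not part of the SUSE advisory: it takes `rpm -qa` output and compares each tomcat package against the fixed version-release from the package lists on this page (tomcat10 10.1.40-150200.5.40.1 from SUSE-SU-2025:1537-1 and tomcat 9.0.102-150200.78.1 from SUSE-SU-2025:1126-1, listed further down). It reimplements rpm's segment-wise version ordering instead of calling `zypper versioncmp`, so it can run off-host against a collected inventory; the sample `rpm -qa` lines are constructed.

```python
"""Decide from `rpm -qa` output whether a SUSE host still needs the tomcat10
(SUSE-SU-2025:1537-1) or tomcat (SUSE-SU-2025:1126-1) security update.
Input lines are what `rpm -qa --qf '%{NAME} %{VERSION}-%{RELEASE}\n' 'tomcat*'`
prints, one package per line."""
import re

# Fixed version-release per source package, from the advisories' package lists.
FIXED = {
    "tomcat10": "10.1.40-150200.5.40.1",
    "tomcat": "9.0.102-150200.78.1",
}

_SEGMENT = re.compile(r"[0-9]+|[A-Za-z]+")


def _segcmp(a, b):
    """rpmvercmp-style ordering of one version or release string: split into
    digit runs and letter runs, compare pairwise (numeric for digit runs,
    lexical for letter runs, a digit run beats a letter run); if all shared
    segments are equal the string with segments left over is newer."""
    sa, sb = _SEGMENT.findall(a), _SEGMENT.findall(b)
    for x, y in zip(sa, sb):
        xd, yd = x.isdigit(), y.isdigit()
        if xd and yd:
            if int(x) != int(y):
                return 1 if int(x) > int(y) else -1
        elif xd != yd:
            return 1 if xd else -1
        elif x != y:
            return 1 if x > y else -1
    return (len(sa) > len(sb)) - (len(sa) < len(sb))


def vercmp(installed, fixed):
    """Compare two 'version-release' strings: -1 older, 0 equal, 1 newer."""
    iv, _, ir = installed.partition("-")
    fv, _, fr = fixed.partition("-")
    return _segcmp(iv, fv) or _segcmp(ir, fr)


def source_of(name):
    """Map a binary subpackage (tomcat10-lib, tomcat-webapps, ...) to the source
    package the advisory versions refer to.  Longest prefix first so that
    tomcat10-* is not mistaken for a tomcat-* subpackage."""
    for src in sorted(FIXED, key=len, reverse=True):
        if name == src or name.startswith(src + "-"):
            return src
    return None


def unpatched(rpm_lines):
    """Return [(package, installed, fixed)] for every tomcat package whose
    installed version-release is older than the advisory's fixed one."""
    missing = []
    for line in rpm_lines:
        parts = line.split()
        if len(parts) != 2:
            continue  # blank or malformed line
        name, installed = parts
        src = source_of(name)
        if src and vercmp(installed, FIXED[src]) < 0:
            missing.append((name, installed, FIXED[src]))
    return missing


# Constructed sample inventory: tomcat10 still on the 10.1.18 build shipped by
# SUSE-SU-2024:0208-1, tomcat 9 already on the fixed 9.0.102 build.
SAMPLE = """\
tomcat10 10.1.18-150200.5.8.1
tomcat10-lib 10.1.18-150200.5.8.1
tomcat 9.0.102-150200.78.1
tomcat-lib 9.0.102-150200.78.1
"""

if __name__ == "__main__":
    for name, have, want in unpatched(SAMPLE.splitlines()):
        print(f"{name}: installed {have}, fixed in {want}")
```

Feed `unpatched()` the lines collected from each host. A match at the RPM level only says the files on disk were replaced: a Tomcat JVM that was running while the update installed keeps the old classes loaded until the service is restarted, so the version check should be paired with a restart or a check of the process start time.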

openSUSE: SUSE-SU-2025:1126-1 Important Security Issue: tomcat RCE Vulnerability

# Security update for tomcat

Announcement ID: SUSE-SU-2025:1126-1
Release Date: 2025-04-03T11:51:52Z
Rating: important
References: bsc#1239302, bsc#1239676
Cross-References: CVE-2024-56337, CVE-2025-24813

CVSS scores:
* CVE-2024-56337 (SUSE): 8.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-56337 (NVD): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-24813 (SUSE): 9.2 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-24813 (SUSE): 8.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-24813 (NVD): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Affected Products:
* openSUSE Leap 15.6
* SUSE Enterprise Storage 7.1
* SUSE Linux Enterprise High Performance Computing 15 SP3
* SUSE Linux Enterprise High Performance Computing 15 SP4
* SUSE Linux Enterprise High Performance Computing 15 SP5
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP3
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP5
* SUSE Linux Enterprise Server 15 SP3
* SUSE Linux Enterprise Server 15 SP3 LTSS
* SUSE Linux Enterprise Server 15 SP4
* SUSE Linux Enterprise Server 15 SP4 LTSS
* SUSE Linux Enterprise Server 15 SP5
* SUSE Linux Enterprise Server 15 SP5 LTSS
* SUSE Linux Enterprise Server 15 SP6
* SUSE Linux Enterprise Server for SAP Applications 15 SP3
* SUSE Linux Enterprise Server for SAP Applications 15 SP4
* SUSE Linux Enterprise Server for SAP Applications 15 SP5
* SUSE Linux Enterprise Server for SAP Applications 15 SP6
* SUSE Manager Server 4.3
* Web and Scripting Module 15-SP6

An update that solves two vulnerabilities can now be installed.

## Description:

This update for tomcat fixes the following issues:

* CVE-2025-24813: Fixed potential RCE and/or information disclosure/corruption with partial PUT (bsc#1239302)
* Update to Tomcat 9.0.102
* Fixes: launch with java 17 (bsc#1239676)

Tomcat 9.0.102 changelog:

Catalina
* Fix: Weak etags in the If-Range header should not match as strong etags are required. (remm)
* Fix: When looking up class loader resources by resource name, the resource name should not start with '/'. If the resource name does start with '/', Tomcat is lenient and looks it up as if the '/' was not present. When the web application class loader was configured with external repositories and names starting with '/' were used for lookups, it was possible that cached 'not found' results could effectively hide lookup results using the correct resource name. (markt)
* Fix: Enable the JNDIRealm to validate credentials provided to HttpServletRequest.login(String username, String password) when the realm is configured to use GSSAPI authentication. (markt)
* Fix: Fix a bug in the JRE compatibility detection that incorrectly identified Java 19 and Java 20 as supporting Java 21 features. (markt)
* Fix: Improve the checks for exposure to and protection against CVE-2024-56337 so that reflection is not used unless required. The checks for whether the file system is case sensitive or not have been removed. (markt)
* Fix: Avoid scenarios where temporary files used for partial PUT would not be deleted. (remm)
* Fix: 69602: Fix regression in releases from 12-2024 that were too strict and rejected weak etags in the If-Range header. (remm)
* Fix: 69576: Avoid possible failure initializing JreCompat due to uncaught exception introduced for the check for CVE-2024-56337. (remm)

Cluster
* Add: 69598: Add detection of service account token changes to the KubernetesMembershipProvider implementation and reload the token if it changes. Based on a patch by Miroslav Jezbera. (markt)

Coyote
* Fix: 69575: Avoid using compression if a response is already compressed using compress, deflate or zstd. (remm)
* Update: Use Transfer-Encoding for compression rather than Content-Encoding if the client submits a TE header containing gzip. (remm)
* Fix: Fix a race condition in the handling of HTTP/2 stream reset that could cause unexpected 500 responses. (markt)

Other
* Add: Add makensis as an option for building the Installer for Windows on non-Windows platforms. (rjung/markt)
* Update: Update Byte Buddy to 1.17.1. (markt)
* Update: Update Checkstyle to 10.21.3. (markt)
* Update: Update SpotBugs to 4.9.1. (markt)
* Update: Update JSign to 7.1. (markt)
* Add: Improvements to French translations. (remm)
* Add: Improvements to Japanese translations by tak7iji. (markt)
* Add: Add org.apache.juli.JsonFormatter to format log as one line JSON documents. (remm)

Update to Tomcat 9.0.99

Catalina
* Update: Add tableName configuration on the DataSourcePropertyStore that may be used by the WebDAV Servlet. (remm)
* Update: Improve HTTP If headers processing according to RFC 9110. Based on pull request #796 by Chenjp. (remm/markt)
* Update: Allow readOnly attribute configuration on the Resources element and allow configuring the readOnly attribute value of the main resources. The attribute value will also be used by the default and WebDAV Servlets. (remm)
* Fix: 69285: Optimise the creation of the parameter map for included requests. Based on sample code and test cases provided by John Engebretson. (markt)
* Fix: 69527: Avoid rare cases where a cached resource could be set with 0 content length, or could be evicted immediately. (remm)
* Fix: Fix possible edge cases (such as HTTP/1.0) with trying to detect requests without body for WebDAV LOCK and PROPFIND. (remm)
* Fix: 69528: Add multi-release JAR support for the bloom archiveIndexStrategy of the Resources. (remm)
* Fix: Improve checks for WEB-INF and META-INF in the WebDAV servlet. Based on a patch submitted by Chenjp. (remm)
* Add: Add a check to ensure that, if one or more web applications are potentially vulnerable to CVE-2024-56337, the JVM has been configured to protect against the vulnerability and to configure the JVM correctly if not. Where one or more web applications are potentially vulnerable to CVE-2024-56337 and the JVM cannot be correctly configured or it cannot be confirmed that the JVM has been correctly configured, prevent the impacted web applications from starting. (markt)
* Fix: Remove unused session to client map from CrawlerSessionManagerValve. Submitted by Brian Matzon. (remm)
* Fix: When using the WebDAV servlet with serveSubpathOnly set to true, ensure that the destination for any requested WebDAV operation is also restricted to the sub-path. (markt)
* Fix: Generate an appropriate Allow HTTP header when the Default servlet returns a 405 (method not allowed) response in response to a DELETE request because the target resource cannot be deleted. Pull request #802 provided by Chenjp. (markt)
* Code: Refactor creation of RequestDispatcher instances so that the processing of the provided path is consistent with normal request processing. (markt)
* Add: Add encodedReverseSolidusHandling and encodedSolidusHandling attributes to Context to provide control over the handling of the path used to create a RequestDispatcher. (markt)
* Fix: Handle a potential NullPointerException after an IOException occurs on a non-container thread during asynchronous processing. (markt)
* Fix: Enhance lifecycle of temporary files used by partial PUT. (remm)

Coyote
* Fix: Don't log warnings for registered HTTP/2 settings that Tomcat does not support. These settings are now silently ignored. (markt)
* Fix: Avoid a rare NullPointerException when recycling the Http11InputBuffer. (markt)
* Fix: Lower the log level to debug for logging an invalid socket channel when processing poller events for the NIO Connector as this may occur in normal usage. (markt)
* Code: Clean-up references to the HTTP/2 stream once request processing has completed to aid GC and reduce the size of the HTTP/2 recycled request and response cache. (markt)
* Add: Add a new Connector configuration attribute, encodedReverseSolidusHandling, to control how %5c sequences in URLs are handled. The default behaviour is unchanged (decode) keeping in mind that the allowBackslash attribute determines how the decoded URI is processed. (markt)
* Fix: 69545: Improve CRLF skipping for the available method of the ChunkedInputFilter. (remm)
* Fix: Improve the performance of repeated calls to getHeader(). Pull request #813 provided by Adwait Kumar Singh. (markt)
* Fix: 69559: Ensure that the Java 24 warning regarding the use of sun.misc.Unsafe::invokeCleaner is only reported by the JRE when the code will be used. (markt)

Jasper
* Fix: 69508: Correct a regression in the fix for 69382 that broke JSP include actions if both the page attribute and the body contained parameters. Pull request #803 provided by Chenjp. (markt)
* Fix: 69521: Update the EL Parser to allow the full range of valid characters in an EL identifier as defined by the Java Language Specification. (markt)
* Fix: 69532: Optimise the creation of ExpressionFactory instances. Patch provided by John Engebretson. (markt)

Web applications
* Add: Documentation. Expand the description of the security implications of setting mapperContextRootRedirectEnabled and/or mapperDirectoryRedirectEnabled to true. (markt)
* Fix: Documentation. Better document the default for the truststoreProvider attribute of a SSLHostConfig element. (markt)

Other
* Update: Update to Commons Daemon 1.4.1. (markt)
* Update: Update the internal fork of Commons Pool to 2.12.1. (markt)
* Update: Update Byte Buddy to 1.16.1. (markt)
* Update: Update UnboundID to 7.0.2. (markt)
* Update: Update Checkstyle to 10.21.2. (markt)
* Update: Update SpotBugs to 4.9.0. (markt)
* Add: Improvements to French translations. (remm)
* Add: Improvements to Chinese translations by leeyazhou. (markt)
* Add: Improvements to Japanese translations by tak7iji. (markt)

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product:
* SUSE Linux Enterprise Server for SAP Applications 15 SP3: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP3-2025-1126=1
* SUSE Linux Enterprise Server for SAP Applications 15 SP4: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP4-2025-1126=1
* SUSE Linux Enterprise Server for SAP Applications 15 SP5: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP5-2025-1126=1
* SUSE Manager Server 4.3: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.3-2025-1126=1
* SUSE Enterprise Storage 7.1: zypper in -t patch SUSE-Storage-7.1-2025-1126=1
* openSUSE Leap 15.6: zypper in -t patch openSUSE-SLE-15.6-2025-1126=1
* Web and Scripting Module 15-SP6: zypper in -t patch SUSE-SLE-Module-Web-Scripting-15-SP6-2025-1126=1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP3: zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-LTSS-2025-1126=1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4: zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-ESPOS-2025-1126=1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4: zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-LTSS-2025-1126=1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5: zypper in -t patch SUSE-SLE-Product-HPC-15-SP5-ESPOS-2025-1126=1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP5: zypper in -t patch SUSE-SLE-Product-HPC-15-SP5-LTSS-2025-1126=1
* SUSE Linux Enterprise Server 15 SP3 LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-SP3-LTSS-2025-1126=1
* SUSE Linux Enterprise Server 15 SP4 LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-SP4-LTSS-2025-1126=1
* SUSE Linux Enterprise Server 15 SP5 LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-SP5-LTSS-2025-1126=1

## Package List:

* openSUSE Leap 15.6 (noarch): tomcat-javadoc-9.0.102-150200.78.1, tomcat-lib-9.0.102-150200.78.1, tomcat-servlet-4_0-api-9.0.102-150200.78.1, tomcat-docs-webapp-9.0.102-150200.78.1, tomcat-admin-webapps-9.0.102-150200.78.1, tomcat-webapps-9.0.102-150200.78.1, tomcat-el-3_0-api-9.0.102-150200.78.1, tomcat-embed-9.0.102-150200.78.1, tomcat-jsvc-9.0.102-150200.78.1, tomcat-9.0.102-150200.78.1, tomcat-jsp-2_3-api-9.0.102-150200.78.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP3, 15 SP4 and 15 SP5; SUSE Manager Server 4.3; SUSE Enterprise Storage 7.1; Web and Scripting Module 15-SP6; SUSE Linux Enterprise High Performance Computing LTSS 15 SP3, ESPOS 15 SP4, LTSS 15 SP4, ESPOS 15 SP5 and LTSS 15 SP5; SUSE Linux Enterprise Server 15 SP3 LTSS, 15 SP4 LTSS and 15 SP5 LTSS (noarch, same set for each): tomcat-lib-9.0.102-150200.78.1, tomcat-admin-webapps-9.0.102-150200.78.1, tomcat-webapps-9.0.102-150200.78.1, tomcat-el-3_0-api-9.0.102-150200.78.1, tomcat-servlet-4_0-api-9.0.102-150200.78.1, tomcat-9.0.102-150200.78.1, tomcat-jsp-2_3-api-9.0.102-150200.78.1

## References:

* https://www.suse.com/security/cve/CVE-2024-56337.html
* https://www.suse.com/security/cve/CVE-2025-24813.html
* https://bugzilla.suse.com/show_bug.cgi?id=1239302
* https://bugzilla.suse.com/show_bug.cgi?id=1239676

Essential Apache Tomcat patch released for openSUSE addressing remote code execution and data leakage vulnerabilities. Apply it without delay. Severity: Important. LinuxSecurity.com Team

Apr 03, 2025 | Important | openSUSE

SUSE: SUSE-SU-2024:1205-1 Important: Tomcat Denial of Service Vulnerabilities

# Security update for tomcat

Announcement ID: SUSE-SU-2024:1205-1
Rating: important
References: bsc#1221385, bsc#1221386
Cross-References: CVE-2024-23672, CVE-2024-24549

CVSS scores:
* CVE-2024-23672 (SUSE): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-24549 (SUSE): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Affected Products:
* SUSE Linux Enterprise High Performance Computing 12 SP5
* SUSE Linux Enterprise Server 12 SP5
* SUSE Linux Enterprise Server for SAP Applications 12 SP5

An update that solves two vulnerabilities can now be installed.

## Description:

This update for tomcat fixes the following issues:
* CVE-2024-24549: Fixed denial of service during header validation for HTTP/2 stream (bsc#1221386)
* CVE-2024-23672: Fixed denial of service due to malicious WebSocket client keeping connection open (bsc#1221385)

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product (the same patch name applies to all three):
* SUSE Linux Enterprise High Performance Computing 12 SP5: zypper in -t patch SUSE-SLE-SERVER-12-SP5-2024-1205=1
* SUSE Linux Enterprise Server 12 SP5: zypper in -t patch SUSE-SLE-SERVER-12-SP5-2024-1205=1
* SUSE Linux Enterprise Server for SAP Applications 12 SP5: zypper in -t patch SUSE-SLE-SERVER-12-SP5-2024-1205=1

## Package List:

* SUSE Linux Enterprise High Performance Computing 12 SP5, SUSE Linux Enterprise Server 12 SP5 and SUSE Linux Enterprise Server for SAP Applications 12 SP5 (noarch, same set for each): tomcat-admin-webapps-9.0.36-3.124.1, tomcat-jsp-2_3-api-9.0.36-3.124.1, tomcat-docs-webapp-9.0.36-3.124.1, tomcat-lib-9.0.36-3.124.1, tomcat-el-3_0-api-9.0.36-3.124.1, tomcat-servlet-4_0-api-9.0.36-3.124.1, tomcat-9.0.36-3.124.1, tomcat-javadoc-9.0.36-3.124.1, tomcat-webapps-9.0.36-3.124.1

## References:

* https://www.suse.com/security/cve/CVE-2024-23672.html
* https://www.suse.com/security/cve/CVE-2024-24549.html
* https://bugzilla.suse.com/show_bug.cgi?id=1221385
* https://bugzilla.suse.com/show_bug.cgi?id=1221386

Crucial security patch for Tomcat resolves two denial of service vulnerabilities in SUSE Linux Enterprise 12 SP5. Apply updates promptly. Severity: Important. LinuxSecurity.com Team

Apr 11, 2024 | Important | SUSE

openSUSE: SUSE-SU-2024:0208-1 Moderate: Tomcat10 HTTP Smuggling

# Security update for tomcat10

Announcement ID: SUSE-SU-2024:0208-1
Rating: moderate
References: bsc#1217649
Cross-References: CVE-2023-46589

CVSS scores:
* CVE-2023-46589 (SUSE): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
* CVE-2023-46589 (NVD): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

Affected Products:
* openSUSE Leap 15.5
* SUSE Linux Enterprise High Performance Computing 15 SP5
* SUSE Linux Enterprise Server 15 SP5
* SUSE Linux Enterprise Server for SAP Applications 15 SP5
* Web and Scripting Module 15-SP5

An update that solves one vulnerability can now be installed.

## Description:

This update for tomcat10 fixes the following issues:

Updated to Tomcat 10.1.18
* CVE-2023-46589: Fixed HTTP request smuggling due to incorrect headers parsing (bsc#1217649)

Find the full release notes for the 10.1 branch at: https://tomcat.apache.org/tomcat-10.1-doc/changelog.html

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product:
* openSUSE Leap 15.5: zypper in -t patch openSUSE-SLE-15.5-2024-208=1
* Web and Scripting Module 15-SP5: zypper in -t patch SUSE-SLE-Module-Web-Scripting-15-SP5-2024-208=1

## Package List:

* openSUSE Leap 15.5 (noarch): tomcat10-el-5_0-api-10.1.18-150200.5.8.1, tomcat10-jsp-3_1-api-10.1.18-150200.5.8.1, tomcat10-servlet-6_0-api-10.1.18-150200.5.8.1, tomcat10-embed-10.1.18-150200.5.8.1, tomcat10-admin-webapps-10.1.18-150200.5.8.1, tomcat10-docs-webapp-10.1.18-150200.5.8.1, tomcat10-10.1.18-150200.5.8.1, tomcat10-jsvc-10.1.18-150200.5.8.1, tomcat10-lib-10.1.18-150200.5.8.1, tomcat10-webapps-10.1.18-150200.5.8.1
* Web and Scripting Module 15-SP5 (noarch): tomcat10-el-5_0-api-10.1.18-150200.5.8.1, tomcat10-jsp-3_1-api-10.1.18-150200.5.8.1, tomcat10-servlet-6_0-api-10.1.18-150200.5.8.1, tomcat10-admin-webapps-10.1.18-150200.5.8.1, tomcat10-10.1.18-150200.5.8.1, tomcat10-lib-10.1.18-150200.5.8.1, tomcat10-webapps-10.1.18-150200.5.8.1

## References:

* https://www.suse.com/security/cve/CVE-2023-46589.html
* https://bugzilla.suse.com/show_bug.cgi?id=1217649

Update to Tomcat 10.1.18 resolving an HTTP request smuggling issue for openSUSE, rated moderate by SUSE. Severity: Moderate. LinuxSecurity.com Team

Jan 24, 2024 | Moderate | openSUSE

Red Hat 7.7 Low Advisory: RHSA-2021:1030-01 Tomcat Session Fixation

Red Hat Security Advisory

Synopsis: Low: tomcat security update
Advisory ID: RHSA-2021:1030-01
Product: Red Hat Enterprise Linux
Advisory URL: https://access.redhat.com/errata/RHSA-2021:1030
Issue date: 2021-03-30
CVE Names: CVE-2019-17563 CVE-2020-1935

1. Summary:

An update for tomcat is now available for Red Hat Enterprise Linux 7.7 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Low. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux ComputeNode EUS (v. 7.7) - noarch
Red Hat Enterprise Linux ComputeNode Optional EUS (v. 7.7) - noarch
Red Hat Enterprise Linux Server EUS (v. 7.7) - noarch
Red Hat Enterprise Linux Server Optional EUS (v. 7.7) - noarch

3. Description:

Apache Tomcat is a servlet container for the Java Servlet and JavaServer Pages (JSP) technologies.

Security Fix(es):

* tomcat: Session fixation when using FORM authentication (CVE-2019-17563)
* tomcat: Mishandling of Transfer-Encoding header allows for HTTP request smuggling (CVE-2020-1935)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

4. Solution:

For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

1785711 - CVE-2019-17563 tomcat: Session fixation when using FORM authentication
1806835 - CVE-2020-1935 tomcat: Mishandling of Transfer-Encoding header allows for HTTP request smuggling

6. Package List:

Red Hat Enterprise Linux ComputeNode EUS (v. 7.7):

Source:
tomcat-7.0.76-12.el7_7.src.rpm

noarch:
tomcat-servlet-3.0-api-7.0.76-12.el7_7.noarch.rpm

Red Hat Enterprise Linux ComputeNode Optional EUS (v. 7.7):

noarch:
tomcat-7.0.76-12.el7_7.noarch.rpm
tomcat-admin-webapps-7.0.76-12.el7_7.noarch.rpm
tomcat-docs-webapp-7.0.76-12.el7_7.noarch.rpm
tomcat-el-2.2-api-7.0.76-12.el7_7.noarch.rpm
tomcat-javadoc-7.0.76-12.el7_7.noarch.rpm
tomcat-jsp-2.2-api-7.0.76-12.el7_7.noarch.rpm
tomcat-jsvc-7.0.76-12.el7_7.noarch.rpm
tomcat-lib-7.0.76-12.el7_7.noarch.rpm
tomcat-webapps-7.0.76-12.el7_7.noarch.rpm

Red Hat Enterprise Linux Server EUS (v. 7.7):

Source:
tomcat-7.0.76-12.el7_7.src.rpm

noarch:
tomcat-7.0.76-12.el7_7.noarch.rpm
tomcat-admin-webapps-7.0.76-12.el7_7.noarch.rpm
tomcat-el-2.2-api-7.0.76-12.el7_7.noarch.rpm
tomcat-jsp-2.2-api-7.0.76-12.el7_7.noarch.rpm
tomcat-lib-7.0.76-12.el7_7.noarch.rpm
tomcat-servlet-3.0-api-7.0.76-12.el7_7.noarch.rpm
tomcat-webapps-7.0.76-12.el7_7.noarch.rpm

Red Hat Enterprise Linux Server Optional EUS (v. 7.7):

noarch:
tomcat-7.0.76-12.el7_7.noarch.rpm
tomcat-admin-webapps-7.0.76-12.el7_7.noarch.rpm
tomcat-docs-webapp-7.0.76-12.el7_7.noarch.rpm
tomcat-el-2.2-api-7.0.76-12.el7_7.noarch.rpm
tomcat-javadoc-7.0.76-12.el7_7.noarch.rpm
tomcat-jsp-2.2-api-7.0.76-12.el7_7.noarch.rpm
tomcat-jsvc-7.0.76-12.el7_7.noarch.rpm
tomcat-lib-7.0.76-12.el7_7.noarch.rpm
tomcat-webapps-7.0.76-12.el7_7.noarch.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2019-17563
https://access.redhat.com/security/cve/CVE-2020-1935
https://access.redhat.com/security/updates/classification/#low

8. Contact:

The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/

Copyright 2021 Red Hat, Inc.

--
RHSA-announce mailing list
https://listman.redhat.com/mailman/listinfo/rhsa-announce

Red Hat improvements for tomcat bolster security by addressing minor severity vulnerabilities such as session fixation and additional concerns. Severity: Low. LinuxSecurity.com Team

Mar 30, 2021 - Low - Red Hat

Scientific Linux SL7: SLSA-2020-0855-1 Important Tomcat AJP Issue

Synopsis: Important: tomcat security update
Advisory ID: SLSA-2020:0855-1
Issue Date: 2020-03-17
CVE Numbers: CVE-2020-1938

Security Fix(es):

* tomcat: Apache Tomcat AJP File Read/Inclusion Vulnerability (CVE-2020-1938)

SL7 noarch:
tomcat-servlet-3.0-api-7.0.76-11.el7_7.noarch.rpm
tomcat-7.0.76-11.el7_7.noarch.rpm
tomcat-admin-webapps-7.0.76-11.el7_7.noarch.rpm
tomcat-docs-webapp-7.0.76-11.el7_7.noarch.rpm
tomcat-el-2.2-api-7.0.76-11.el7_7.noarch.rpm
tomcat-javadoc-7.0.76-11.el7_7.noarch.rpm
tomcat-jsp-2.2-api-7.0.76-11.el7_7.noarch.rpm
tomcat-jsvc-7.0.76-11.el7_7.noarch.rpm
tomcat-lib-7.0.76-11.el7_7.noarch.rpm
tomcat-webapps-7.0.76-11.el7_7.noarch.rpm

- Scientific Linux Development Team

Important update released for Apache Tomcat on Scientific Linux SL7.x addressing AJP file access/exposure risks. Severity: Important. LinuxSecurity.com Team

Mar 17, 2020 - Important - Scientific Linux

Red Hat Enterprise Linux 7: RHSA-2020:0855-01 Critical Update for Tomcat

Red Hat Security Advisory

Synopsis: Important: tomcat security update
Advisory ID: RHSA-2020:0855-01
Product: Red Hat Enterprise Linux
Advisory URL: https://access.redhat.com/errata/RHSA-2020:0855
Issue date: 2020-03-17
CVE Names: CVE-2020-1938

1. Summary:

An update for tomcat is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Client (v. 7) - noarch
Red Hat Enterprise Linux Client Optional (v. 7) - noarch
Red Hat Enterprise Linux ComputeNode (v. 7) - noarch
Red Hat Enterprise Linux ComputeNode Optional (v. 7) - noarch
Red Hat Enterprise Linux Server (v. 7) - noarch
Red Hat Enterprise Linux Server Optional (v. 7) - noarch
Red Hat Enterprise Linux Workstation (v. 7) - noarch
Red Hat Enterprise Linux Workstation Optional (v. 7) - noarch

3. Description:

Apache Tomcat is a servlet container for the Java Servlet and JavaServer Pages (JSP) technologies.

Security Fix(es):

* tomcat: Apache Tomcat AJP File Read/Inclusion Vulnerability (CVE-2020-1938)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

4. Solution:

For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

1806398 - CVE-2020-1938 tomcat: Apache Tomcat AJP File Read/Inclusion Vulnerability

6. Package List:

Red Hat Enterprise Linux Client (v. 7):

Source:
tomcat-7.0.76-11.el7_7.src.rpm

noarch:
tomcat-servlet-3.0-api-7.0.76-11.el7_7.noarch.rpm

Red Hat Enterprise Linux Client Optional (v. 7):

noarch:
tomcat-7.0.76-11.el7_7.noarch.rpm
tomcat-admin-webapps-7.0.76-11.el7_7.noarch.rpm
tomcat-docs-webapp-7.0.76-11.el7_7.noarch.rpm
tomcat-el-2.2-api-7.0.76-11.el7_7.noarch.rpm
tomcat-javadoc-7.0.76-11.el7_7.noarch.rpm
tomcat-jsp-2.2-api-7.0.76-11.el7_7.noarch.rpm
tomcat-jsvc-7.0.76-11.el7_7.noarch.rpm
tomcat-lib-7.0.76-11.el7_7.noarch.rpm
tomcat-webapps-7.0.76-11.el7_7.noarch.rpm

Red Hat Enterprise Linux ComputeNode (v. 7):

Source:
tomcat-7.0.76-11.el7_7.src.rpm

noarch:
tomcat-servlet-3.0-api-7.0.76-11.el7_7.noarch.rpm

Red Hat Enterprise Linux ComputeNode Optional (v. 7):

noarch:
tomcat-7.0.76-11.el7_7.noarch.rpm
tomcat-admin-webapps-7.0.76-11.el7_7.noarch.rpm
tomcat-docs-webapp-7.0.76-11.el7_7.noarch.rpm
tomcat-el-2.2-api-7.0.76-11.el7_7.noarch.rpm
tomcat-javadoc-7.0.76-11.el7_7.noarch.rpm
tomcat-jsp-2.2-api-7.0.76-11.el7_7.noarch.rpm
tomcat-jsvc-7.0.76-11.el7_7.noarch.rpm
tomcat-lib-7.0.76-11.el7_7.noarch.rpm
tomcat-webapps-7.0.76-11.el7_7.noarch.rpm

Red Hat Enterprise Linux Server (v. 7):

Source:
tomcat-7.0.76-11.el7_7.src.rpm

noarch:
tomcat-7.0.76-11.el7_7.noarch.rpm
tomcat-admin-webapps-7.0.76-11.el7_7.noarch.rpm
tomcat-el-2.2-api-7.0.76-11.el7_7.noarch.rpm
tomcat-jsp-2.2-api-7.0.76-11.el7_7.noarch.rpm
tomcat-lib-7.0.76-11.el7_7.noarch.rpm
tomcat-servlet-3.0-api-7.0.76-11.el7_7.noarch.rpm
tomcat-webapps-7.0.76-11.el7_7.noarch.rpm

Red Hat Enterprise Linux Server Optional (v. 7):

noarch:
tomcat-7.0.76-11.el7_7.noarch.rpm
tomcat-admin-webapps-7.0.76-11.el7_7.noarch.rpm
tomcat-docs-webapp-7.0.76-11.el7_7.noarch.rpm
tomcat-el-2.2-api-7.0.76-11.el7_7.noarch.rpm
tomcat-javadoc-7.0.76-11.el7_7.noarch.rpm
tomcat-jsp-2.2-api-7.0.76-11.el7_7.noarch.rpm
tomcat-jsvc-7.0.76-11.el7_7.noarch.rpm
tomcat-lib-7.0.76-11.el7_7.noarch.rpm
tomcat-webapps-7.0.76-11.el7_7.noarch.rpm

Red Hat Enterprise Linux Workstation (v. 7):

Source:
tomcat-7.0.76-11.el7_7.src.rpm

noarch:
tomcat-7.0.76-11.el7_7.noarch.rpm
tomcat-admin-webapps-7.0.76-11.el7_7.noarch.rpm
tomcat-el-2.2-api-7.0.76-11.el7_7.noarch.rpm
tomcat-jsp-2.2-api-7.0.76-11.el7_7.noarch.rpm
tomcat-lib-7.0.76-11.el7_7.noarch.rpm
tomcat-servlet-3.0-api-7.0.76-11.el7_7.noarch.rpm
tomcat-webapps-7.0.76-11.el7_7.noarch.rpm

Red Hat Enterprise Linux Workstation Optional (v. 7):

noarch:
tomcat-docs-webapp-7.0.76-11.el7_7.noarch.rpm
tomcat-javadoc-7.0.76-11.el7_7.noarch.rpm
tomcat-jsvc-7.0.76-11.el7_7.noarch.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2020-1938
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/

Copyright 2020 Red Hat, Inc.

--
RHSA-announce mailing list

Patch for Tomcat on RHEL 7 addresses directory traversal vulnerability. Severity: Critical. Severity: Important. LinuxSecurity.com Team

Mar 17, 2020 - Important - Red Hat

Scientific Linux SL7: SLSA-2018-2921-1 Critical Tomcat DoS Alert

Synopsis: Important: tomcat security update
Advisory ID: SLSA-2018:2921-1
Issue Date: 2018-10-16
CVE Numbers: CVE-2018-1336

Security Fix(es):

* tomcat: A bug in the UTF-8 decoder can lead to DoS (CVE-2018-1336)

SL7 noarch:
tomcat-servlet-3.0-api-7.0.76-8.el7_5.noarch.rpm
tomcat-7.0.76-8.el7_5.noarch.rpm
tomcat-admin-webapps-7.0.76-8.el7_5.noarch.rpm
tomcat-docs-webapp-7.0.76-8.el7_5.noarch.rpm
tomcat-el-2.2-api-7.0.76-8.el7_5.noarch.rpm
tomcat-javadoc-7.0.76-8.el7_5.noarch.rpm
tomcat-jsp-2.2-api-7.0.76-8.el7_5.noarch.rpm
tomcat-jsvc-7.0.76-8.el7_5.noarch.rpm
tomcat-lib-7.0.76-8.el7_5.noarch.rpm
tomcat-webapps-7.0.76-8.el7_5.noarch.rpm
tomcat-7.0.76-8.el7_5.src.rpm

- Scientific Linux Development Team

Critical update release for tomcat resolving a DoS vulnerability in SL7.x. Comprehensive insights on resolution and advisory attached. Severity: Critical. LinuxSecurity.com Team

Oct 16, 2018 - Critical - Scientific Linux