SUSE-SU-2024:0472-1 -- SLES tomcat
ID: oval:org.secpod.oval:def:89051458 | Date: (C)2024-04-26 (M)2024-04-26 |
Class: PATCH | Family: unix |
This update for tomcat fixes the following issues:

Updated to Tomcat 9.0.85:

* CVE-2023-45648: Improve trailer header parsing.
* CVE-2023-42794: FileUpload: remove tmp files to avoid DoS on Windows.
* CVE-2023-42795: Improve handling of failures during recycle methods.
* CVE-2023-46589: Fixed HTTP request smuggling due to incorrect headers parsing.
* CVE-2024-22029: Fixed escalation to root from tomcat user via %post script.

The following non-security issues were fixed:

* Fixed the file permissions for server.xml.

Find the full release notes at: https://tomcat.apache.org/tomcat-9.0-doc/changelog.html
Platform: |
SUSE Linux Enterprise Server 15 SP4 |
SUSE Linux Enterprise Server 15 SP2 |
SUSE Linux Enterprise Server 15 SP3 |