Security update for tomcat
| Announcement ID: | SUSE-SU-2021:3602-1 |
|---|---|
| Rating: | important |
| References: | |
| Cross-References: | |
| CVSS scores: |
|
| Affected Products: |
|
An update that solves three vulnerabilities and has one security fix can now be installed.
Description:
This update for tomcat, javapackages-tools fixes the following issue:
Security issue fixed:
- CVE-2021-30640: Escape parameters in JNDI Realm queries (bsc#1188279).
- CVE-2021-33037: Process T-E header from both HTTP 1.0 and HTTP 1.1. clients (bsc#1188278).
- CVE-2021-41079: Fixed a denial of service caused by an unexpected TLS packet (bsc#1190558).
Non-security issues fixed:
- Add requires and conflicts to avoid the usage of the incompatible 'Java 11' with 'Tomcat'. (bsc#1185476)
- Rebuild javapackages-tools to fix a missing package on s390.
Patch Instructions:
To install this SUSE update use the SUSE recommended
installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
-
SUSE OpenStack Cloud 9
zypper in -t patch SUSE-OpenStack-Cloud-9-2021-3602=1 -
SUSE OpenStack Cloud Crowbar 9
zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-9-2021-3602=1 -
SUSE Linux Enterprise Server for SAP Applications 12 SP4
zypper in -t patch SUSE-SLE-SAP-12-SP4-2021-3602=1 -
SUSE Linux Enterprise Server 12 SP4 ESPOS 12-SP4
zypper in -t patch SUSE-SLE-SERVER-12-SP4-ESPOS-2021-3602=1 -
SUSE Linux Enterprise Server 12 SP4 LTSS 12-SP4
zypper in -t patch SUSE-SLE-SERVER-12-SP4-LTSS-2021-3602=1 -
SUSE Linux Enterprise High Performance Computing 12 SP5
zypper in -t patch SUSE-SLE-SERVER-12-SP5-2021-3602=1 -
SUSE Linux Enterprise Server 12 SP5
zypper in -t patch SUSE-SLE-SERVER-12-SP5-2021-3602=1 -
SUSE Linux Enterprise Server for SAP Applications 12 SP5
zypper in -t patch SUSE-SLE-SERVER-12-SP5-2021-3602=1
Package List:
-
SUSE OpenStack Cloud 9 (x86_64)
- javapackages-tools-2.0.1-13.1
-
SUSE OpenStack Cloud 9 (noarch)
- tomcat-lib-9.0.36-3.71.1
- tomcat-docs-webapp-9.0.36-3.71.1
- tomcat-javadoc-9.0.36-3.71.1
- tomcat-9.0.36-3.71.1
- tomcat-admin-webapps-9.0.36-3.71.1
- tomcat-servlet-4_0-api-9.0.36-3.71.1
- tomcat-webapps-9.0.36-3.71.1
- tomcat-jsp-2_3-api-9.0.36-3.71.1
- tomcat-el-3_0-api-9.0.36-3.71.1
-
SUSE OpenStack Cloud Crowbar 9 (x86_64)
- javapackages-tools-2.0.1-13.1
-
SUSE OpenStack Cloud Crowbar 9 (noarch)
- tomcat-lib-9.0.36-3.71.1
- tomcat-docs-webapp-9.0.36-3.71.1
- tomcat-javadoc-9.0.36-3.71.1
- tomcat-9.0.36-3.71.1
- tomcat-admin-webapps-9.0.36-3.71.1
- tomcat-servlet-4_0-api-9.0.36-3.71.1
- tomcat-webapps-9.0.36-3.71.1
- tomcat-jsp-2_3-api-9.0.36-3.71.1
- tomcat-el-3_0-api-9.0.36-3.71.1
-
SUSE Linux Enterprise Server for SAP Applications 12 SP4 (ppc64le x86_64)
- javapackages-tools-2.0.1-13.1
-
SUSE Linux Enterprise Server for SAP Applications 12 SP4 (noarch)
- tomcat-lib-9.0.36-3.71.1
- tomcat-docs-webapp-9.0.36-3.71.1
- tomcat-javadoc-9.0.36-3.71.1
- tomcat-9.0.36-3.71.1
- tomcat-admin-webapps-9.0.36-3.71.1
- tomcat-servlet-4_0-api-9.0.36-3.71.1
- tomcat-webapps-9.0.36-3.71.1
- tomcat-jsp-2_3-api-9.0.36-3.71.1
- tomcat-el-3_0-api-9.0.36-3.71.1
-
SUSE Linux Enterprise Server 12 SP4 ESPOS 12-SP4 (aarch64 x86_64)
- javapackages-tools-2.0.1-13.1
-
SUSE Linux Enterprise Server 12 SP4 ESPOS 12-SP4 (noarch)
- tomcat-lib-9.0.36-3.71.1
- tomcat-docs-webapp-9.0.36-3.71.1
- tomcat-javadoc-9.0.36-3.71.1
- tomcat-9.0.36-3.71.1
- tomcat-admin-webapps-9.0.36-3.71.1
- tomcat-servlet-4_0-api-9.0.36-3.71.1
- tomcat-webapps-9.0.36-3.71.1
- tomcat-jsp-2_3-api-9.0.36-3.71.1
- tomcat-el-3_0-api-9.0.36-3.71.1
-
SUSE Linux Enterprise Server 12 SP4 LTSS 12-SP4 (aarch64 ppc64le s390x x86_64)
- javapackages-tools-2.0.1-13.1
-
SUSE Linux Enterprise Server 12 SP4 LTSS 12-SP4 (noarch)
- tomcat-lib-9.0.36-3.71.1
- tomcat-docs-webapp-9.0.36-3.71.1
- tomcat-javadoc-9.0.36-3.71.1
- tomcat-9.0.36-3.71.1
- tomcat-admin-webapps-9.0.36-3.71.1
- tomcat-servlet-4_0-api-9.0.36-3.71.1
- tomcat-webapps-9.0.36-3.71.1
- tomcat-jsp-2_3-api-9.0.36-3.71.1
- tomcat-el-3_0-api-9.0.36-3.71.1
-
SUSE Linux Enterprise High Performance Computing 12 SP5 (aarch64 x86_64)
- javapackages-tools-2.0.1-13.1
-
SUSE Linux Enterprise High Performance Computing 12 SP5 (noarch)
- tomcat-lib-9.0.36-3.71.1
- tomcat-docs-webapp-9.0.36-3.71.1
- tomcat-javadoc-9.0.36-3.71.1
- tomcat-9.0.36-3.71.1
- tomcat-admin-webapps-9.0.36-3.71.1
- tomcat-servlet-4_0-api-9.0.36-3.71.1
- tomcat-webapps-9.0.36-3.71.1
- tomcat-jsp-2_3-api-9.0.36-3.71.1
- tomcat-el-3_0-api-9.0.36-3.71.1
-
SUSE Linux Enterprise Server 12 SP5 (aarch64 ppc64le s390x x86_64)
- javapackages-tools-2.0.1-13.1
-
SUSE Linux Enterprise Server 12 SP5 (noarch)
- tomcat-lib-9.0.36-3.71.1
- tomcat-docs-webapp-9.0.36-3.71.1
- tomcat-javadoc-9.0.36-3.71.1
- tomcat-9.0.36-3.71.1
- tomcat-admin-webapps-9.0.36-3.71.1
- tomcat-servlet-4_0-api-9.0.36-3.71.1
- tomcat-webapps-9.0.36-3.71.1
- tomcat-jsp-2_3-api-9.0.36-3.71.1
- tomcat-el-3_0-api-9.0.36-3.71.1
-
SUSE Linux Enterprise Server for SAP Applications 12 SP5 (ppc64le x86_64)
- javapackages-tools-2.0.1-13.1
-
SUSE Linux Enterprise Server for SAP Applications 12 SP5 (noarch)
- tomcat-lib-9.0.36-3.71.1
- tomcat-docs-webapp-9.0.36-3.71.1
- tomcat-javadoc-9.0.36-3.71.1
- tomcat-9.0.36-3.71.1
- tomcat-admin-webapps-9.0.36-3.71.1
- tomcat-servlet-4_0-api-9.0.36-3.71.1
- tomcat-webapps-9.0.36-3.71.1
- tomcat-jsp-2_3-api-9.0.36-3.71.1
- tomcat-el-3_0-api-9.0.36-3.71.1
References:
- https://www.suse.com/security/cve/CVE-2021-30640.html
- https://www.suse.com/security/cve/CVE-2021-33037.html
- https://www.suse.com/security/cve/CVE-2021-41079.html
- https://bugzilla.suse.com/show_bug.cgi?id=1185476
- https://bugzilla.suse.com/show_bug.cgi?id=1188278
- https://bugzilla.suse.com/show_bug.cgi?id=1188279
- https://bugzilla.suse.com/show_bug.cgi?id=1190558