Recommended update for tomcat

Announcement ID:	SUSE-RU-2020:1024-1
Rating:	moderate
References:	bsc#1161083 bsc#1167438
Affected Products:	SUSE Linux Enterprise High Performance Computing 15 SP1 SUSE Linux Enterprise Server 15 SP1 SUSE Linux Enterprise Server 15 SP1 Business Critical Linux 15-SP1 SUSE Linux Enterprise Server for SAP Applications 15 SP1 SUSE Manager Proxy 4.0 SUSE Manager Retail Branch Server 4.0 SUSE Manager Server 4.0 Web and Scripting Module 15-SP1

An update that has two fixes can now be installed.

Description:

This update for tomcat fixes the following issue:

Update from Tomcat 9.0.31 to Tomcat 9.0.33.

• Regression in HTTP header parsing. (bsc#1167438)

The update improves the validation of the HTTP header parsing causing requests to be incorrectly treated as invalid if a CRLF sequence was split between TCP packets. Has been also improved the validation of request lines, including for HTTP/0.9 requests.

• Fix NoSuchMethodError in the HTTP APR connector when using openjdk 1.8. (bsc#1161083)

Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

• Web and Scripting Module 15-SP1
  zypper in -t patch SUSE-SLE-Module-Web-Scripting-15-SP1-2020-1024=1

Package List:

• Web and Scripting Module 15-SP1 (noarch)
  • tomcat-9.0.33-4.27.1
  • tomcat-jsp-2_3-api-9.0.33-4.27.1
  • tomcat-webapps-9.0.33-4.27.1
  • tomcat-servlet-4_0-api-9.0.33-4.27.1
  • tomcat-el-3_0-api-9.0.33-4.27.1
  • tomcat-lib-9.0.33-4.27.1
  • tomcat-admin-webapps-9.0.33-4.27.1

References:

• https://bugzilla.suse.com/show_bug.cgi?id=1161083
• https://bugzilla.suse.com/show_bug.cgi?id=1167438