Sign Up
Log In
Log In
or
Sign Up
Places
All Projects
Status Monitor
Collapse sidebar
SUSE:SLE-12-SP2:Update
patchinfo.21530
_patchinfo
Overview
Repositories
Revisions
Requests
Users
Attributes
Meta
File _patchinfo of Package patchinfo.21530
<patchinfo incident="21530"> <issue tracker="cve" id="2021-41079"/> <issue tracker="cve" id="2021-30640"/> <issue tracker="cve" id="2021-33037"/> <issue tracker="bnc" id="1188279">VUL-0: CVE-2021-30640: tomcat6,tomcat: vulnerability in the JNDI Realm allows authentication using variations of a valid user name</issue> <issue tracker="bnc" id="1188278">VUL-0: CVE-2021-33037: tomcat6,tomcat: HTTP transfer-encoding request header not correctly parsed leading to possible request smuggling</issue> <issue tracker="bnc" id="1190558">VUL-0: CVE-2021-41079: tomcat: Apache Tomcat DoS with unexpected TLS packet</issue> <issue tracker="bnc" id="1185476">error message running tomcat "error: JVM_LIBDIR /usr/lib64/jvm-exports/java does not exist or is not a directory"</issue> <packager>fstrba</packager> <category>security</category> <rating>important</rating> <summary>Security update for tomcat</summary> <description>This update for tomcat, javapackages-tools fixes the following issue: Security issue fixed: - CVE-2021-30640: Escape parameters in JNDI Realm queries (bsc#1188279). - CVE-2021-33037: Process T-E header from both HTTP 1.0 and HTTP 1.1. clients (bsc#1188278). - CVE-2021-41079: Fixed a denial of service caused by an unexpected TLS packet (bsc#1190558). Non-security issues fixed: - Add requires and conflicts to avoid the usage of the incompatible 'Java 11' with 'Tomcat'. (bsc#1185476) - Rebuild javapackages-tools to fix a missing package on s390. </description> </patchinfo>
Locations
Projects
Search
Status Monitor
Help
OpenBuildService.org
Documentation
API Documentation
Code of Conduct
Contact
Support
@OBShq
Terms
openSUSE Build Service is sponsored by
The Open Build Service is an
openSUSE project
.
Sign Up
Log In
Places
Places
All Projects
Status Monitor