File _patchinfo of Package patchinfo.21530

Overview Repositories Revisions Requests Users Attributes Meta

File _patchinfo of Package patchinfo.21530

<patchinfo incident="21530">
  <issue tracker="cve" id="2021-41079"/>
  <issue tracker="cve" id="2021-30640"/>
  <issue tracker="cve" id="2021-33037"/>
  <issue tracker="bnc" id="1188279">VUL-0: CVE-2021-30640: tomcat6,tomcat: vulnerability in the JNDI Realm allows authentication using variations of a valid user name</issue>
  <issue tracker="bnc" id="1188278">VUL-0: CVE-2021-33037: tomcat6,tomcat: HTTP transfer-encoding request header not correctly parsed leading to possible request smuggling</issue>
  <issue tracker="bnc" id="1190558">VUL-0: CVE-2021-41079: tomcat: Apache Tomcat DoS with unexpected TLS packet</issue>
  <issue tracker="bnc" id="1185476">error message running tomcat "error: JVM_LIBDIR /usr/lib64/jvm-exports/java does not exist or is not a directory"</issue>
  <packager>fstrba</packager>
  <category>security</category>
  <rating>important</rating>
  <summary>Security update for tomcat</summary>
  <description>This update for tomcat, javapackages-tools fixes the following issue:

Security issue fixed:

- CVE-2021-30640: Escape parameters in JNDI Realm queries (bsc#1188279).
- CVE-2021-33037: Process T-E header from both HTTP 1.0 and HTTP 1.1. clients (bsc#1188278).
- CVE-2021-41079: Fixed a denial of service caused by an unexpected TLS packet (bsc#1190558).

Non-security issues fixed:

- Add requires and conflicts to avoid the usage of the incompatible 'Java 11' with 'Tomcat'. (bsc#1185476)
- Rebuild javapackages-tools to fix a missing package on s390.
</description>
</patchinfo>

Places

File _patchinfo of Package patchinfo.21530

Places