Overview

File _patchinfo of Package patchinfo.22627

<patchinfo incident="22627">
  <issue tracker="cve" id="2022-23181"/>
  <issue tracker="bnc" id="1195255">VUL-1: CVE-2022-23181: tomcat: local privilege escalation vulnerability</issue>
  <issue tracker="bnc" id="1196137">Partner-L3: tomcat depencency on log4j 1.x</issue>
  <issue tracker="bnc" id="1196091">L3: upgrade conflict for java-headless when updating tomcat with 3rd party java installed.</issue>
  <packager>mbussolotto</packager>
  <rating>important</rating>
  <category>security</category>
  <summary>Security update for tomcat</summary>
  <description>This update for tomcat fixes the following issues:

Security issues fixed:

- CVE-2022-23181: Fixed time of check, time of use vulnerability that allowed local privilege escalation. (bsc#1195255)
- Remove log4j dependency, which is currently directly in use (bsc#1196137)

- Make the package RPM conflict even more specific to conflict with java-openjdk-headless >= 9 (bsc#1196091)
</description>
</patchinfo>
openSUSE Build Service is sponsored by
Places