Overview

File _patchinfo of Package patchinfo.39434

<patchinfo incident="39434">
  <issue tracker="cve" id="2025-49125"/>
  <issue tracker="cve" id="2025-46701"/>
  <issue tracker="cve" id="2025-48988"/>
  <issue tracker="bnc" id="1244656">VUL-0: CVE-2025-48988: tomcat,tomcat10,tomcat11: allocation of resources without limits when processing multipart requests can lead to significant memory usage and DoS</issue>
  <issue tracker="bnc" id="1244649">VUL-0: CVE-2025-49125: tomcat,tomcat10,tomcat11: authentication bypass thorugh an alternate path or channel when using PreResources or PostResources mounted other than at the root of the web application</issue>
  <issue tracker="bnc" id="1243815">VUL-0: CVE-2025-46701: tomcat: Security constraint bypass for CGI</issue>
  <packager>mbussolotto</packager>
  <rating>important</rating>
  <category>security</category>
  <summary>Security update for tomcat</summary>
  <description>This update for tomcat fixes the following issues:

 - CVE-2025-46701: Refactored CGI servlet to access resources via WebResources (bsc#1243815).
 - CVE-2025-48988: Limited the total number of parts in a multi-part request and limits the size of the headers provided with each part (bsc#1244656).
 - CVE-2025-49125: Expand checks for webAppMount (bsc#1244649).
</description>
</patchinfo>
openSUSE Build Service is sponsored by
Places