Sign Up
Log In
Log In
or
Sign Up
Places
All Projects
Status Monitor
Collapse sidebar
SUSE:SLE-15-SP3:Update
patchinfo.31365
_patchinfo
Overview
Repositories
Revisions
Requests
Users
Attributes
Meta
File _patchinfo of Package patchinfo.31365
<patchinfo incident="31365"> <issue tracker="cve" id="2023-42795"/> <issue tracker="cve" id="2023-42794"/> <issue tracker="cve" id="2023-45648"/> <issue tracker="cve" id="2023-46589"/> <issue tracker="cve" id="2024-22029"/> <issue tracker="bnc" id="1217649">VUL-0: CVE-2023-46589: Apache Tomcat: HTTP request smuggling due to incorrect headers parsing</issue> <issue tracker="bnc" id="1216120">VUL-0: CVE-2023-42794: tomcat: FileUpload: DoS due to accumulation of temporary files on Windows</issue> <issue tracker="bnc" id="1216119">VUL-0: CVE-2023-42795: tomcat: Failure during request clean-up leads to sensitive data leaking to subsequent requests</issue> <issue tracker="bnc" id="1216118">VUL-0: CVE-2023-45648: tomcat: Trailer header parsing too lenient</issue> <issue tracker="bnc" id="1217768">tomcat: updating/patching changes ownership/permissions of server.xml</issue> <issue tracker="bnc" id="1217402">AUDIT-FIND: Updating server configuration as root while parsing untrusted data</issue> <issue tracker="bnc" id="1219208">VUL-0: EMBARGOED: CVE-2024-22029: tomcat: Escalation to root from tomcat user via %post script</issue> <packager>mbussolotto</packager> <rating>important</rating> <category>security</category> <summary>Security update for tomcat</summary> <description>This update for tomcat fixes the following issues: Updated to Tomcat 9.0.85: - CVE-2023-45648: Improve trailer header parsing (bsc#1216118). - CVE-2023-42794: FileUpload: remove tmp files to avoid DoS on Windows (bsc#1216120). - CVE-2023-42795: Improve handling of failures during recycle() methods (bsc#1216119). - CVE-2023-46589: Fixed HTTP request smuggling due to incorrect headers parsing (bsc#1217649) - CVE-2024-22029: Fixed escalation to root from tomcat user via %post script. (bsc#1219208) The following non-security issues were fixed: - Fixed the file permissions for server.xml (bsc#1217768, bsc#1217402). Find the full release notes at: https://tomcat.apache.org/tomcat-9.0-doc/changelog.html </description> </patchinfo>
Locations
Projects
Search
Status Monitor
Help
OpenBuildService.org
Documentation
API Documentation
Code of Conduct
Contact
Support
@OBShq
Terms
openSUSE Build Service is sponsored by
The Open Build Service is an
openSUSE project
.
Sign Up
Log In
Places
Places
All Projects
Status Monitor
