Overview

File _patchinfo of Package patchinfo.15149

<patchinfo incident="15149">
  <issue tracker="cve" id="2020-9484"/>
  <issue tracker="bnc" id="1171928">EMU: VUL-0: CVE-2020-9484: tomcat6,tomcat: Remote Code Execution via session persistence</issue>
  <packager>simotek</packager>
  <rating>important</rating>
  <category>security</category>
  <summary>Security update for tomcat</summary>
  <description>This update for tomcat fixes the following issues:

- Update to Tomcat 9.0.35. See changelog at
  http://tomcat.apache.org/tomcat-9.0-doc/changelog.html#Tomcat_9.0.35_(markt)

* CVE-2020-9484 (bsc#1171928)
  Apache Tomcat Remote Code Execution via session persistence

  If an attacker was able to control the contents and name of a file on a
  server configured to use the PersistenceManager, then the attacker could
  have triggered a remote code execution via deserialization of the file under
  their control.

</description>
</patchinfo>
openSUSE Build Service is sponsored by
Places