Overview

File _patchinfo of Package patchinfo.40274

<patchinfo incident="40274">
  <issue tracker="cve" id="2025-52520"/>
  <issue tracker="cve" id="2025-53506"/>
  <issue tracker="cve" id="2025-49125"/>
  <issue tracker="bnc" id="1246388">VUL-0: CVE-2025-52520: tomcat,tomcat10,tomcat11,tomcat6: integer overflow can lead to DoS for some unlikely configurations of multipart upload</issue>
  <issue tracker="bnc" id="1246318">VUL-0: CVE-2025-53506: tomcat,tomcat10,tomcat11: uncontrolled resource HTTP/2 client consumption vulnerability</issue>
  <packager>mbussolotto</packager>
  <rating>important</rating>
  <category>security</category>
  <summary>Security update for tomcat11</summary>
  <description>This update for tomcat11 fixes the following issues:

Updated to Tomcat 11.0.9
- CVE-2025-52520: Fixed integer overflow can lead to DoS for some unlikely configurations of multipart upload (bsc#1246388)
- CVE-2025-53506: Fixed uncontrolled resource HTTP/2 client consumption vulnerability (bsc#1246318)
    
Other:
- Correct a regression in the fix for CVE-2025-49125 that
  prevented access to PreResources and PostResources when mounted below the
  web application root with a path that was terminated with a file
  separator.
</description>
</patchinfo>
openSUSE Build Service is sponsored by
Places