Overview

File _patchinfo of Package patchinfo.41570

<patchinfo incident="41570">
  <issue tracker="cve" id="2025-55752"/>
  <issue tracker="cve" id="2025-61795"/>
  <issue tracker="cve" id="2025-55754"/>
  <issue tracker="bnc" id="1252753">VUL-0: CVE-2025-55752: tomcat,tomcat10,tomcat11: directory traversal via rewrite with possible RCE if PUT is enabled</issue>
  <issue tracker="bnc" id="1252905">VUL-0: CVE-2025-55754: tomcat, tomcat10, tomcat11: Improper Neutralization of Escape, Meta, or Control Sequences vulnerability in Apache Tomcat</issue>
  <issue tracker="bnc" id="1252756">VUL-0: CVE-2025-61795: tomcat,tomcat10,tomcat11: temporary copies during the processing of multipart upload can lead to a denial of service</issue>
  <packager>RMestre</packager>
  <rating>important</rating>
  <category>security</category>
  <summary>Security update for tomcat11</summary>
  <description>This update for tomcat11 fixes the following issues:

Update to Tomcat 11.0.13

 - CVE-2025-55752: Fixed directory traversal via rewrite with possible RCE if PUT
      is enabled (bsc#1252753)
  - CVE-2025-55754: Fixed improper neutralization of escape, meta, or control 
      sequences vulnerability (bsc#1252905)
  - CVE-2025-61795: Fixed denial of service due to temporary copies during 
      the processing of multipart upload (bsc#1252756)
</description>
</patchinfo>
openSUSE Build Service is sponsored by
Places