Overview

File _patchinfo of Package patchinfo.21643

<patchinfo incident="21643">
  <issue tracker="cve" id="2021-41079"/>
  <issue tracker="cve" id="2021-30640"/>
  <issue tracker="cve" id="2021-33037"/>
  <issue tracker="bnc" id="1188279">VUL-0: CVE-2021-30640: tomcat6,tomcat: vulnerability in the JNDI Realm allows authentication using variations of a valid user name</issue>
  <issue tracker="bnc" id="1188278">VUL-0: CVE-2021-33037: tomcat6,tomcat: HTTP transfer-encoding request header not correctly parsed leading to possible request smuggling</issue>
  <issue tracker="bnc" id="1190558">VUL-0: CVE-2021-41079: tomcat: Apache Tomcat DoS with unexpected TLS packet</issue>
  <packager>mbussolotto</packager>
  <rating>important</rating>
  <category>security</category>
  <summary>Security update for tomcat</summary>
  <description>This update for tomcat fixes the following issues:

- CVE-2021-30640: Escape parameters in JNDI Realm queries (bsc#1188279).
- CVE-2021-33037: Process T-E header from both HTTP 1.0 and HTTP 1.1. clients (bsc#1188278).
- CVE-2021-41079: Fixed a denial of service caused by an unexpected TLS packet (bsc#1190558).
</description>
</patchinfo>
openSUSE Build Service is sponsored by
Places