Oval Definition:oval:org.opensuse.security:def:127376
Revision Date:2022-03-09Version:1
Title:Security update for tomcat (Important)
Description:

This update for tomcat fixes the following issues:

Security issues fixed:

- CVE-2022-23181: Fixed time of check, time of use vulnerability that allowed local privilege escalation. (bsc#1195255) - Remove log4j dependency, which is currently directly in use (bsc#1196137)

- Make the package RPM conflict even more specific to conflict with java-openjdk-headless >= 9 (bsc#1196091)
Family:unixClass:patch
Status:Reference(s):1195255
1196091
1196137
CVE-2022-23181
SUSE-SU-2022:0784-1
Platform(s):SUSE Linux Enterprise Server 12 SP4-LTSS
Product(s):
Definition Synopsis
  • SUSE Linux Enterprise Server 12 SP4-LTSS is installed
  • AND Package Information
  • javapackages-filesystem-5.3.1-14.5.1 is installed
  • OR tomcat-9.0.36-3.84.1 is installed
  • OR tomcat-admin-webapps-9.0.36-3.84.1 is installed
  • OR tomcat-docs-webapp-9.0.36-3.84.1 is installed
  • OR tomcat-el-3_0-api-9.0.36-3.84.1 is installed
  • OR tomcat-javadoc-9.0.36-3.84.1 is installed
  • OR tomcat-jsp-2_3-api-9.0.36-3.84.1 is installed
  • OR tomcat-lib-9.0.36-3.84.1 is installed
  • OR tomcat-servlet-4_0-api-9.0.36-3.84.1 is installed
  • OR tomcat-webapps-9.0.36-3.84.1 is installed
  • BACK