Oval Definition:oval:org.opensuse.security:def:4983
Revision Date:2020-12-02Version:1
Title:Security update for tomcat (Important)
Description:

This update for tomcat to version 9.0.30 fixes the following issues:

Security issue fixed:

- CVE-2019-12418: Fixed a local privilege escalation by manipulating the RMI registry (bsc#1159723). - CVE-2019-17563: Fixed a session fixation attack when using FORM authentication (bsc#1159729).

Non-security issue fixed:

- Fixed a problem during startup, related to changes in Java 9+ APIs (bsc#1161025).
Family:unixClass:patch
Status:Reference(s):1051510
1061210
1065600
1065729
1071995
1094555
1105173
1111666
1112374
1114279
1128432
1134730
1134738
1135153
1135296
1135642
1136156
1136157
1136271
1136333
1137103
1137194
1137366
1137884
1137985
1138263
1138336
1138374
1138375
1138589
1138681
1138719
1138732
1139924
1141025
1144522
1151317
1152684
1155798
1158194
1159723
1159729
1161025
1165692
1168468
1170452
1171675
1171688
1173389
1174003
1174098
1175599
1175621
1175807
1176019
1176400
1176907
1176979
1177090
1177109
1177121
1177193
1177194
1177206
1177258
1177271
1177283
1177284
1177285
1177286
1177297
1177384
1177511
1177617
1177681
1177683
1177687
1177694
1177697
1177719
1177724
1177725
1177726
954532
CVE-2008-1686
CVE-2008-4989
CVE-2011-4128
CVE-2012-0037
CVE-2012-0390
CVE-2012-1569
CVE-2012-1573
CVE-2013-1981
CVE-2013-1991
CVE-2013-1997
CVE-2013-2000
CVE-2013-2004
CVE-2014-0092
CVE-2014-1959
CVE-2014-3158
CVE-2014-3466
CVE-2014-3634
CVE-2018-16871
CVE-2019-10072
CVE-2019-12418
CVE-2019-12614
CVE-2019-12817
CVE-2019-17563
CVE-2019-19451
CVE-2019-9853
CVE-2020-11996
CVE-2020-12105
CVE-2020-12351
CVE-2020-12352
CVE-2020-24490
CVE-2020-25641
CVE-2020-25643
CVE-2020-25645
SUSE-SU-2019:1744-1
SUSE-SU-2019:2982-1
SUSE-SU-2019:3391-1
SUSE-SU-2020:0226-1
SUSE-SU-2020:1337-1
SUSE-SU-2020:1962-1
SUSE-SU-2020:2980-1
Platform(s):SUSE Linux Enterprise Desktop 11 SP2
SUSE Linux Enterprise Desktop 11 SP3
SUSE Linux Enterprise Desktop 11 SP4
SUSE Linux Enterprise Desktop 12
SUSE Linux Enterprise Desktop 12 SP1
SUSE Linux Enterprise Desktop 12 SP2
SUSE Linux Enterprise Desktop 12 SP3
SUSE Linux Enterprise Desktop 12 SP4
SUSE Linux Enterprise High Availability 12
SUSE Linux Enterprise High Availability 12 SP1
SUSE Linux Enterprise High Availability 12 SP2
SUSE Linux Enterprise High Availability 12 SP3
SUSE Linux Enterprise High Availability 12 SP4
SUSE Linux Enterprise High Availability 12 SP5
SUSE Linux Enterprise High Performance Computing 12 SP5
SUSE Linux Enterprise Live Patching 12
SUSE Linux Enterprise Live Patching 12 SP3
SUSE Linux Enterprise Module for Advanced Systems Management 12
SUSE Linux Enterprise Module for Containers 12
SUSE Linux Enterprise Module for Public Cloud 12
SUSE Linux Enterprise Module for Web Scripting 12
SUSE Linux Enterprise Module for Web Scripting 15
SUSE Linux Enterprise Module for Web Scripting 15 SP1
SUSE Linux Enterprise Server 11 SP3
SUSE Linux Enterprise Server 11 SP4
SUSE Linux Enterprise Server 11-SECURITY
SUSE Linux Enterprise Server 12
SUSE Linux Enterprise Server 12 SP1
SUSE Linux Enterprise Server 12 SP2
SUSE Linux Enterprise Server 12 SP3
SUSE Linux Enterprise Server 12 SP4
SUSE Linux Enterprise Server 12-LTSS
SUSE Linux Enterprise Server for Raspberry Pi 12 SP2
SUSE Linux Enterprise Server for Rasperry Pi 12 SP2
SUSE Linux Enterprise Server for VMWare 11 SP3
SUSE Linux Enterprise Software Development Kit 11 SP4
SUSE Linux Enterprise Software Development Kit 12 SP1
SUSE Linux Enterprise Software Development Kit 12 SP2
SUSE Linux Enterprise Software Development Kit 12 SP3
SUSE Linux Enterprise Workstation Extension 12
SUSE Linux Enterprise Workstation Extension 12 SP1
SUSE Linux Enterprise Workstation Extension 15 SP1
SUSE Linux Enterprise Workstation Extension 15 SP2
Product(s):
Definition Synopsis
  • SUSE Linux Enterprise Desktop 11 SP3 is installed
  • AND Package Information
  • gnutls-2.4.1-24.39.57.1 is installed
  • OR libgnutls26-2.4.1-24.39.57.1 is installed
  • OR libgnutls26-32bit-2.4.1-24.39.57.1 is installed
  • Definition Synopsis
  • SUSE Linux Enterprise Desktop 12 is installed
  • AND Package Information
  • gnutls-3.2.15-1 is installed
  • OR libgnutls28-3.2.15-1 is installed
  • OR libgnutls28-32bit-3.2.15-1 is installed
  • Definition Synopsis
  • SUSE Linux Enterprise Desktop 12 SP1 is installed
  • AND Package Information
  • alsa-1.0.27.2-11 is installed
  • OR libasound2-1.0.27.2-11 is installed
  • OR libasound2-32bit-1.0.27.2-11 is installed
  • Definition Synopsis
  • SUSE Linux Enterprise Desktop 12 SP2 is installed
  • AND cvs-1.12.12-181 is installed
  • Definition Synopsis
  • SUSE Linux Enterprise Desktop 12 SP3 is installed
  • AND argyllcms-1.6.3-3 is installed
  • Definition Synopsis
  • SUSE Linux Enterprise Desktop 12 SP4 is installed
  • AND coolkey-1.1.0-148.3 is installed
  • Definition Synopsis
  • SUSE Linux Enterprise High Availability 12 is installed
  • AND Package Information
  • ctdb-4.2.4-18.44.2 is installed
  • OR samba-4.2.4-18.44.2 is installed
  • Definition Synopsis
  • SUSE Linux Enterprise High Availability 12 SP1 is installed
  • AND Package Information
  • libpacemaker3-1.1.13-20.1 is installed
  • OR pacemaker-1.1.13-20.1 is installed
  • OR pacemaker-cli-1.1.13-20.1 is installed
  • OR pacemaker-cts-1.1.13-20.1 is installed
  • OR pacemaker-remote-1.1.13-20.1 is installed
  • Definition Synopsis
  • SUSE Linux Enterprise High Availability 12 SP2 is installed
  • AND Package Information
  • cluster-md-kmp-default-4.4.21-69 is installed
  • OR cluster-network-kmp-default-4.4.21-69 is installed
  • OR dlm-kmp-default-4.4.21-69 is installed
  • OR gfs2-kmp-default-4.4.21-69 is installed
  • OR ocfs2-kmp-default-4.4.21-69 is installed
  • Definition Synopsis
  • SUSE Linux Enterprise High Availability 12 SP3 is installed
  • AND conntrack-tools-1.4.2-5 is installed
  • Definition Synopsis
  • SUSE Linux Enterprise High Availability 12 SP4 is installed
  • AND Package Information
  • corosync-2.3.6-9.13 is installed
  • OR libcorosync4-2.3.6-9.13 is installed
  • Definition Synopsis
  • SUSE Linux Enterprise High Availability 12 SP5 is installed
  • AND haproxy-1.6.11-10 is installed
  • Definition Synopsis
  • SUSE Linux Enterprise High Performance Computing 12 SP5 is installed
  • AND Package Information
  • MozillaFirefox-68.1.0-109.92 is installed
  • OR MozillaFirefox-translations-common-68.1.0-109.92 is installed
  • Definition Synopsis
  • SUSE Linux Enterprise Live Patching 12 is installed
  • AND Package Information
  • kgraft-patch-3_12_43-52_6-default-1-2.3 is installed
  • OR kgraft-patch-3_12_43-52_6-xen-1-2.3 is installed
  • OR kgraft-patch-SLE12_Update_5-1-2.3 is installed
  • Definition Synopsis
  • SUSE Linux Enterprise Live Patching 12 SP3 is installed
  • AND Package Information
  • kgraft-patch-4_4_73-5-default-2-2.3.2 is installed
  • OR kgraft-patch-SLE12-SP3_Update_0-2-2.3.2 is installed
  • Definition Synopsis
  • SUSE Linux Enterprise Module for Advanced Systems Management 12 is installed
  • AND Package Information
  • puppet-3.8.5-15.3.3 is installed
  • OR puppet-server-3.8.5-15.3.3 is installed
  • Definition Synopsis
  • SUSE Linux Enterprise Module for Containers 12 is installed
  • AND Package Information
  • ruby2.1-rubygem-rack-1_4-1.4.5-8.10 is installed
  • OR rubygem-rack-1_4-1.4.5-8.10 is installed
  • Definition Synopsis
  • SUSE Linux Enterprise Module for Public Cloud 12 is installed
  • AND Package Information
  • kernel-ec2-3.12.43-52.6.1 is installed
  • OR kernel-ec2-devel-3.12.43-52.6.1 is installed
  • OR kernel-ec2-extra-3.12.43-52.6.1 is installed
  • Definition Synopsis
  • SUSE Linux Enterprise Module for Web Scripting 12 is installed
  • AND Package Information
  • apache2-mod_php5-5.5.14-33.2 is installed
  • OR php5-5.5.14-33.2 is installed
  • OR php5-bcmath-5.5.14-33.2 is installed
  • OR php5-bz2-5.5.14-33.2 is installed
  • OR php5-calendar-5.5.14-33.2 is installed
  • OR php5-ctype-5.5.14-33.2 is installed
  • OR php5-curl-5.5.14-33.2 is installed
  • OR php5-dba-5.5.14-33.2 is installed
  • OR php5-dom-5.5.14-33.2 is installed
  • OR php5-enchant-5.5.14-33.2 is installed
  • OR php5-exif-5.5.14-33.2 is installed
  • OR php5-fastcgi-5.5.14-33.2 is installed
  • OR php5-fileinfo-5.5.14-33.2 is installed
  • OR php5-fpm-5.5.14-33.2 is installed
  • OR php5-ftp-5.5.14-33.2 is installed
  • OR php5-gd-5.5.14-33.2 is installed
  • OR php5-gettext-5.5.14-33.2 is installed
  • OR php5-gmp-5.5.14-33.2 is installed
  • OR php5-iconv-5.5.14-33.2 is installed
  • OR php5-intl-5.5.14-33.2 is installed
  • OR php5-json-5.5.14-33.2 is installed
  • OR php5-ldap-5.5.14-33.2 is installed
  • OR php5-mbstring-5.5.14-33.2 is installed
  • OR php5-mcrypt-5.5.14-33.2 is installed
  • OR php5-mysql-5.5.14-33.2 is installed
  • OR php5-odbc-5.5.14-33.2 is installed
  • OR php5-opcache-5.5.14-33.2 is installed
  • OR php5-openssl-5.5.14-33.2 is installed
  • OR php5-pcntl-5.5.14-33.2 is installed
  • OR php5-pdo-5.5.14-33.2 is installed
  • OR php5-pear-5.5.14-33.2 is installed
  • OR php5-pgsql-5.5.14-33.2 is installed
  • OR php5-posix-5.5.14-33.2 is installed
  • OR php5-pspell-5.5.14-33.2 is installed
  • OR php5-shmop-5.5.14-33.2 is installed
  • OR php5-snmp-5.5.14-33.2 is installed
  • OR php5-soap-5.5.14-33.2 is installed
  • OR php5-sockets-5.5.14-33.2 is installed
  • OR php5-sqlite-5.5.14-33.2 is installed
  • OR php5-suhosin-5.5.14-33.2 is installed
  • OR php5-sysvmsg-5.5.14-33.2 is installed
  • OR php5-sysvsem-5.5.14-33.2 is installed
  • OR php5-sysvshm-5.5.14-33.2 is installed
  • OR php5-tokenizer-5.5.14-33.2 is installed
  • OR php5-wddx-5.5.14-33.2 is installed
  • OR php5-xmlreader-5.5.14-33.2 is installed
  • OR php5-xmlrpc-5.5.14-33.2 is installed
  • OR php5-xmlwriter-5.5.14-33.2 is installed
  • OR php5-xsl-5.5.14-33.2 is installed
  • OR php5-zip-5.5.14-33.2 is installed
  • OR php5-zlib-5.5.14-33.2 is installed
  • Definition Synopsis
  • SUSE Linux Enterprise Module for Web Scripting 15 is installed
  • AND Package Information
  • tomcat-9.0.30-3.34 is installed
  • OR tomcat-admin-webapps-9.0.30-3.34 is installed
  • OR tomcat-el-3_0-api-9.0.30-3.34 is installed
  • OR tomcat-jsp-2_3-api-9.0.30-3.34 is installed
  • OR tomcat-lib-9.0.30-3.34 is installed
  • OR tomcat-servlet-4_0-api-9.0.30-3.34 is installed
  • OR tomcat-webapps-9.0.30-3.34 is installed
  • Definition Synopsis
  • SUSE Linux Enterprise Module for Web Scripting 15 SP1 is installed
  • AND Package Information
  • tomcat-9.0.36-4.38 is installed
  • OR tomcat-admin-webapps-9.0.36-4.38 is installed
  • OR tomcat-el-3_0-api-9.0.36-4.38 is installed
  • OR tomcat-jsp-2_3-api-9.0.36-4.38 is installed
  • OR tomcat-lib-9.0.36-4.38 is installed
  • OR tomcat-servlet-4_0-api-9.0.36-4.38 is installed
  • OR tomcat-webapps-9.0.36-4.38 is installed
  • Definition Synopsis
  • Release Information
  • SUSE Linux Enterprise Server 11 SP3 is installed
  • AND
  • popt-1.7-37.60.2 is installed
  • OR popt-32bit-1.7-37.60.2 is installed
  • OR popt-x86-1.7-37.60.2 is installed
  • OR rpm-4.4.2.3-37.60.2 is installed
  • OR rpm-32bit-4.4.2.3-37.60.2 is installed
  • OR rpm-x86-4.4.2.3-37.60.2 is installed
  • OR Package Information
  • SUSE Linux Enterprise Server for VMWare 11 SP3 is installed
  • AND
  • popt-1.7-37.60.2 is installed
  • OR popt-32bit-1.7-37.60.2 is installed
  • OR popt-x86-1.7-37.60.2 is installed
  • OR rpm-4.4.2.3-37.60.2 is installed
  • OR rpm-32bit-4.4.2.3-37.60.2 is installed
  • OR rpm-x86-4.4.2.3-37.60.2 is installed
  • Definition Synopsis
  • SUSE Linux Enterprise Server 11 SP3 is installed
  • AND Package Information
  • cyrus-imapd-2.3.11-60.65.64.1 is installed
  • OR perl-Cyrus-IMAP-2.3.11-60.65.64.1 is installed
  • OR perl-Cyrus-SIEVE-managesieve-2.3.11-60.65.64.1 is installed
  • Definition Synopsis
  • SUSE Linux Enterprise Server 11 SP4 is installed
  • AND apache2-mod_nss-1.0.8-0.4.13.1 is installed
  • Definition Synopsis
  • SUSE Linux Enterprise Server 11-SECURITY is installed
  • AND Package Information
  • curl-openssl1-7.19.7-1.64.1 is installed
  • OR libcurl4-openssl1-7.19.7-1.64.1 is installed
  • OR libcurl4-openssl1-32bit-7.19.7-1.64.1 is installed
  • OR libcurl4-openssl1-x86-7.19.7-1.64.1 is installed
  • Definition Synopsis
  • SUSE Linux Enterprise Server 12 is installed
  • AND Package Information
  • dbus-1-1.8.12-6.5 is installed
  • OR dbus-1-x11-1.8.12-6.5 is installed
  • OR libdbus-1-3-1.8.12-6.1 is installed
  • OR libdbus-1-3-32bit-1.8.12-6.1 is installed
  • Definition Synopsis
  • SUSE Linux Enterprise Server 12 SP1 is installed
  • AND Package Information
  • git-1.8.5.6-15.1 is installed
  • OR git-core-1.8.5.6-15.1 is installed
  • Definition Synopsis
  • SUSE Linux Enterprise Server 12 SP2 is installed
  • AND Package Information
  • gdk-pixbuf-loader-rsvg-2.40.15-4 is installed
  • OR librsvg-2-2-2.40.15-4 is installed
  • OR librsvg-2-2-32bit-2.40.15-4 is installed
  • OR rsvg-view-2.40.15-4 is installed
  • Definition Synopsis
  • SUSE Linux Enterprise Server 12 SP3 is installed
  • AND ant-1.9.4-1 is installed
  • Definition Synopsis
  • SUSE Linux Enterprise Server 12 SP4 is installed
  • AND apache2-mod_nss-1.0.14-19.3 is installed
  • Definition Synopsis
  • SUSE Linux Enterprise Server 12-LTSS is installed
  • AND Package Information
  • kgraft-patch-3_12_60-52_54-default-2-2.2 is installed
  • OR kgraft-patch-3_12_60-52_54-xen-2-2.2 is installed
  • OR kgraft-patch-SLE12_Update_15-2-2.2 is installed
  • Definition Synopsis
  • SUSE Linux Enterprise Server for Raspberry Pi 12 SP2 is installed
  • AND Package Information
  • libsystemd0-228-149 is installed
  • OR libudev1-228-149 is installed
  • OR systemd-228-149 is installed
  • OR systemd-bash-completion-228-149 is installed
  • OR systemd-sysvinit-228-149 is installed
  • OR udev-228-149 is installed
  • Definition Synopsis
  • SUSE Linux Enterprise Software Development Kit 11 SP4 is installed
  • AND Package Information
  • glibc-2.11.3-17.87.3 is installed
  • OR glibc-html-2.11.3-17.87.3 is installed
  • OR glibc-info-2.11.3-17.87.3 is installed
  • Definition Synopsis
  • SUSE Linux Enterprise Software Development Kit 12 SP1 is installed
  • AND libXvMC-devel-1.0.8-3 is installed
  • Definition Synopsis
  • SUSE Linux Enterprise Software Development Kit 12 SP2 is installed
  • AND LibVNCServer-devel-0.9.9-16 is installed
  • Definition Synopsis
  • SUSE Linux Enterprise Software Development Kit 12 SP3 is installed
  • AND LibVNCServer-devel-0.9.9-16 is installed
  • Definition Synopsis
  • SUSE Linux Enterprise Workstation Extension 12 is installed
  • AND Package Information
  • finch-2.10.9-8.1 is installed
  • OR libpurple-2.10.9-8.1 is installed
  • OR libpurple-lang-2.10.9-8.1 is installed
  • OR libpurple-meanwhile-2.10.9-8.1 is installed
  • OR libpurple-tcl-2.10.9-8.1 is installed
  • OR pidgin-2.10.9-8.1 is installed
  • Definition Synopsis
  • SUSE Linux Enterprise Workstation Extension 12 SP1 is installed
  • AND Package Information
  • kernel-default-3.12.59-60.45.2 is installed
  • OR kernel-default-extra-3.12.59-60.45.2 is installed
  • Definition Synopsis
  • SUSE Linux Enterprise Workstation Extension 15 SP1 is installed
  • AND Package Information
  • kernel-default-4.12.14-197.7 is installed
  • OR kernel-default-extra-4.12.14-197.7 is installed
  • Definition Synopsis
  • SUSE Linux Enterprise Workstation Extension 15 SP2 is installed
  • AND Package Information
  • kernel-default-5.3.18-24.29 is installed
  • OR kernel-default-extra-5.3.18-24.29 is installed
  • BACK