Oval Definition:	oval:org.opensuse.security:def:5017
Revision Date: 2020-12-02 Version: 1 Title: Security update for tomcat (Important) Description: This update for tomcat to version 9.0.31 fixes the following issues: Security issues fixed: - CVE-2019-17569: Fixed a regression in the handling of Transfer-Encoding headers that would have allowed HTTP Request Smuggling (bsc#1164825). - CVE-2020-1935: Fixed an HTTP Request Smuggling issue (bsc#1164860). - CVE-2020-1938: Fixed a file contents disclosure vulnerability (bsc#1164692). Family: unix Class: patch Status: Reference(s): 1001215 1055014 1061843 1065600 1065729 1066382 1073627 1077428 1112178 1117632 1131277 1134760 1164692 1164825 1164860 1166238 1170415 1171558 1173432 1173576 1174748 1176354 1176485 1176560 1176713 1176723 1177086 1177101 1177271 1177281 1177410 1177411 1177470 1177687 1177719 1177740 1177749 1177750 1177753 1177754 1177755 1177766 1177855 1177856 1177861 1178003 1178027 1178166 1178185 1178187 1178188 1178202 1178234 1178330 999199 CVE-2006-7250 CVE-2007-4129 CVE-2007-4129 CVE-2008-2109 CVE-2009-0590 CVE-2009-0591 CVE-2009-0696 CVE-2009-0789 CVE-2009-1210 CVE-2009-1267 CVE-2009-1268 CVE-2009-1269 CVE-2009-1377 CVE-2009-1378 CVE-2009-1379 CVE-2009-1386 CVE-2009-1387 CVE-2009-3241 CVE-2009-3242 CVE-2009-3243 CVE-2009-3245 CVE-2009-3555 CVE-2009-4022 CVE-2009-4355 CVE-2010-0740 CVE-2010-1455 CVE-2010-2939 CVE-2010-2993 CVE-2010-3445 CVE-2010-3613 CVE-2010-3614 CVE-2010-3615 CVE-2010-3864 CVE-2010-4180 CVE-2010-4252 CVE-2010-4300 CVE-2010-4301 CVE-2010-4538 CVE-2011-0014 CVE-2011-0024 CVE-2011-0414 CVE-2011-0538 CVE-2011-0713 CVE-2011-1138 CVE-2011-1139 CVE-2011-1140 CVE-2011-1143 CVE-2011-1590 CVE-2011-1591 CVE-2011-1592 CVE-2011-1907 CVE-2011-1910 CVE-2011-1957 CVE-2011-1958 CVE-2011-1959 CVE-2011-2174 CVE-2011-2175 CVE-2011-2464 CVE-2011-2597 CVE-2011-2698 CVE-2011-3172 CVE-2011-3210 CVE-2011-3266 CVE-2011-3360 CVE-2011-3483 CVE-2011-4108 CVE-2011-4109 CVE-2011-4313 CVE-2011-4354 CVE-2011-4576 CVE-2011-4577 CVE-2011-4619 CVE-2011-5095 CVE-2012-0050 CVE-2012-0884 CVE-2012-1165 CVE-2012-1667 CVE-2012-2110 CVE-2012-2131 CVE-2012-2333 CVE-2012-2392 CVE-2012-2393 CVE-2012-2394 CVE-2012-3548 CVE-2012-3817 CVE-2012-3868 CVE-2012-4048 CVE-2012-4049 CVE-2012-4244 CVE-2012-4285 CVE-2012-4286 CVE-2012-4287 CVE-2012-4288 CVE-2012-4289 CVE-2012-4290 CVE-2012-4291 CVE-2012-4292 CVE-2012-4293 CVE-2012-4294 CVE-2012-4295 CVE-2012-4296 CVE-2012-4297 CVE-2012-4298 CVE-2012-4929 CVE-2012-5166 CVE-2012-5237 CVE-2012-5238 CVE-2012-5239 CVE-2012-5240 CVE-2012-5592 CVE-2012-5593 CVE-2012-5594 CVE-2012-5595 CVE-2012-5596 CVE-2012-5597 CVE-2012-5598 CVE-2012-5599 CVE-2012-5600 CVE-2012-5601 CVE-2012-5602 CVE-2012-5688 CVE-2012-5689 CVE-2013-0166 CVE-2013-0169 CVE-2013-1572 CVE-2013-1573 CVE-2013-1574 CVE-2013-1575 CVE-2013-1576 CVE-2013-1577 CVE-2013-1578 CVE-2013-1579 CVE-2013-1580 CVE-2013-1581 CVE-2013-1582 CVE-2013-1583 CVE-2013-1584 CVE-2013-1585 CVE-2013-1586 CVE-2013-1587 CVE-2013-1588 CVE-2013-1589 CVE-2013-1590 CVE-2013-1991 CVE-2013-2000 CVE-2013-2266 CVE-2013-2475 CVE-2013-2476 CVE-2013-2477 CVE-2013-2478 CVE-2013-2479 CVE-2013-2480 CVE-2013-2481 CVE-2013-2482 CVE-2013-2483 CVE-2013-2484 CVE-2013-2485 CVE-2013-2486 CVE-2013-2487 CVE-2013-2488 CVE-2013-3555 CVE-2013-3556 CVE-2013-3557 CVE-2013-3558 CVE-2013-3559 CVE-2013-3560 CVE-2013-3561 CVE-2013-3562 CVE-2013-4083 CVE-2013-4854 CVE-2013-4920 CVE-2013-4921 CVE-2013-4922 CVE-2013-4923 CVE-2013-4924 CVE-2013-4925 CVE-2013-4926 CVE-2013-4927 CVE-2013-4928 CVE-2013-4929 CVE-2013-4930 CVE-2013-4931 CVE-2013-4932 CVE-2013-4933 CVE-2013-4934 CVE-2013-4935 CVE-2013-4936 CVE-2013-5717 CVE-2013-5718 CVE-2013-5719 CVE-2013-5720 CVE-2013-5721 CVE-2013-5722 CVE-2013-6336 CVE-2013-6337 CVE-2013-6338 CVE-2013-6339 CVE-2013-6340 CVE-2013-7112 CVE-2013-7113 CVE-2013-7114 CVE-2014-0076 CVE-2014-0221 CVE-2014-0224 CVE-2014-0591 CVE-2014-2281 CVE-2014-2282 CVE-2014-2283 CVE-2014-2299 CVE-2014-2907 CVE-2014-3470 CVE-2014-3505 CVE-2014-3506 CVE-2014-3507 CVE-2014-3508 CVE-2014-3510 CVE-2014-4020 CVE-2014-5161 CVE-2014-5162 CVE-2014-5163 CVE-2014-5164 CVE-2014-5165 CVE-2014-8500 CVE-2015-1349 CVE-2015-4620 CVE-2015-5477 CVE-2015-5722 CVE-2016-7044 CVE-2016-7045 CVE-2016-7553 CVE-2017-17789 CVE-2018-16476 CVE-2019-17569 CVE-2019-20503 CVE-2020-0430 CVE-2020-12417 CVE-2020-12418 CVE-2020-12419 CVE-2020-12420 CVE-2020-12421 CVE-2020-14351 CVE-2020-16120 CVE-2020-1935 CVE-2020-1938 CVE-2020-25285 CVE-2020-25656 CVE-2020-27673 CVE-2020-27675 CVE-2020-6805 CVE-2020-6806 CVE-2020-6807 CVE-2020-6811 CVE-2020-6812 CVE-2020-6814 CVE-2020-8694 SUSE-SU-2016:2524-1 SUSE-SU-2018:3996-1 SUSE-SU-2020:0631-1 SUSE-SU-2020:0721-1 SUSE-SU-2020:1900-1 SUSE-SU-2020:2604-1 SUSE-SU-2020:3272-1 Platform(s): SUSE Cloud Compute Node for SUSE Linux Enterprise 12 5 SUSE Linux Enterprise Desktop 11 SP2 SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Desktop 11 SP4 SUSE Linux Enterprise Desktop 12 SUSE Linux Enterprise Desktop 12 SP1 SUSE Linux Enterprise Desktop 12 SP2 SUSE Linux Enterprise Desktop 12 SP3 SUSE Linux Enterprise Desktop 12 SP4 SUSE Linux Enterprise High Availability 12 SUSE Linux Enterprise High Availability 12 SP1 SUSE Linux Enterprise High Availability 12 SP2 SUSE Linux Enterprise High Availability 12 SP3 SUSE Linux Enterprise High Availability 12 SP4 SUSE Linux Enterprise High Availability 12 SP5 SUSE Linux Enterprise High Availability 15 SUSE Linux Enterprise High Performance Computing 12 SP5 SUSE Linux Enterprise Live Patching 12 SUSE Linux Enterprise Live Patching 12 SP3 SUSE Linux Enterprise Module for Advanced Systems Management 12 SUSE Linux Enterprise Module for Containers 12 SUSE Linux Enterprise Module for Legacy Software 12 SUSE Linux Enterprise Module for Public Cloud 12 SUSE Linux Enterprise Module for Web Scripting 12 SUSE Linux Enterprise Module for Web Scripting 15 SP1 SUSE Linux Enterprise Server 11 SP3 SUSE Linux Enterprise Server 11 SP3-LTSS SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server 12 SUSE Linux Enterprise Server 12 SP1 SUSE Linux Enterprise Server 12 SP2 SUSE Linux Enterprise Server 12 SP3 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server 12-LTSS SUSE Linux Enterprise Server for Raspberry Pi 12 SP2 SUSE Linux Enterprise Server for Rasperry Pi 12 SP2 SUSE Linux Enterprise Server for VMWare 11 SP3 SUSE Linux Enterprise Software Development Kit 11 SP4 SUSE Linux Enterprise Software Development Kit 12 SP1 SUSE Linux Enterprise Software Development Kit 12 SP2 SUSE Linux Enterprise Software Development Kit 12 SP3 SUSE Linux Enterprise Workstation Extension 12 SUSE Linux Enterprise Workstation Extension 12 SP1 SUSE Linux Enterprise Workstation Extension 15 SP1 SUSE OpenStack Cloud 5 SUSE Package Hub for SUSE Linux Enterprise 12 Product(s): Definition Synopsis SUSE Linux Enterprise Desktop 11 SP2 is installed AND Package Information MozillaFirefox-10.0.12-0.4.1 is installed OR MozillaFirefox-translations-10.0.12-0.4.1 is installed OR libfreebl3-3.14.1-0.3.1 is installed OR libfreebl3-32bit-3.14.1-0.3.1 is installed OR mozilla-nspr-4.9.4-0.3.1 is installed OR mozilla-nspr-32bit-4.9.4-0.3.1 is installed OR mozilla-nss-3.14.1-0.3.1 is installed OR mozilla-nss-32bit-3.14.1-0.3.1 is installed OR mozilla-nss-tools-3.14.1-0.3.1 is installed Definition Synopsis SUSE Linux Enterprise Desktop 11 SP3 is installed AND kvm-1.4.2-37.1 is installed Definition Synopsis SUSE Linux Enterprise Desktop 12 is installed AND coolkey-1.1.0-147 is installed Definition Synopsis SUSE Linux Enterprise Desktop 12 SP1 is installed AND Package Information bind-libs-9.9.6P1-30 is installed OR bind-libs-32bit-9.9.6P1-30 is installed OR bind-utils-9.9.6P1-30 is installed Definition Synopsis SUSE Linux Enterprise Desktop 12 SP2 is installed AND Package Information accountsservice-0.6.42-14 is installed OR accountsservice-lang-0.6.42-14 is installed OR libaccountsservice0-0.6.42-14 is installed OR typelib-1_0-AccountsService-1_0-0.6.42-14 is installed Definition Synopsis SUSE Linux Enterprise Desktop 12 SP3 is installed AND Package Information avahi-0.6.32-30 is installed OR avahi-lang-0.6.32-30 is installed OR libavahi-client3-0.6.32-30 is installed OR libavahi-client3-32bit-0.6.32-30 is installed OR libavahi-common3-0.6.32-30 is installed OR libavahi-common3-32bit-0.6.32-30 is installed OR libavahi-core7-0.6.32-30 is installed OR libdns_sd-0.6.32-30 is installed OR libdns_sd-32bit-0.6.32-30 is installed Definition Synopsis SUSE Linux Enterprise Desktop 12 SP4 is installed AND ft2demos-2.6.3-7.15 is installed Definition Synopsis SUSE Linux Enterprise High Availability 12 is installed AND haproxy-1.5.4-2.4.1 is installed Definition Synopsis SUSE Linux Enterprise High Availability 12 SP1 is installed AND Package Information libpacemaker3-1.1.13-20.1 is installed OR pacemaker-1.1.13-20.1 is installed OR pacemaker-cli-1.1.13-20.1 is installed OR pacemaker-cts-1.1.13-20.1 is installed OR pacemaker-remote-1.1.13-20.1 is installed Definition Synopsis SUSE Linux Enterprise High Availability 12 SP2 is installed AND Package Information libpcreposix0-8.39-7.1 is installed OR pcre-8.39-7.1 is installed Definition Synopsis SUSE Linux Enterprise High Availability 12 SP3 is installed AND libpcreposix0-8.39-7 is installed Definition Synopsis SUSE Linux Enterprise High Availability 12 SP4 is installed AND Package Information corosync-2.3.6-9.13 is installed OR libcorosync4-2.3.6-9.13 is installed Definition Synopsis SUSE Linux Enterprise High Availability 12 SP5 is installed AND ctdb-4.10.5+git.129.35f7bb6e177-1 is installed Definition Synopsis SUSE Linux Enterprise High Availability 15 is installed AND Package Information ruby2.5-rubygem-activejob-5_1-5.1.4-3.3 is installed OR rubygem-activejob-5_1-5.1.4-3.3 is installed Definition Synopsis SUSE Linux Enterprise High Performance Computing 12 SP5 is installed AND Package Information DirectFB-1.7.1-6 is installed OR lib++dfb-1_7-1-1.7.1-6 is installed OR libdirectfb-1_7-1-1.7.1-6 is installed Definition Synopsis SUSE Linux Enterprise Live Patching 12 is installed AND Package Information kgraft-patch-3_12_39-47-default-1-2.1 is installed OR kgraft-patch-3_12_39-47-xen-1-2.1 is installed OR kgraft-patch-SLE12_Update_4-1-2.1 is installed Definition Synopsis SUSE Linux Enterprise Live Patching 12 SP3 is installed AND Package Information kgraft-patch-4_4_82-6_3-default-1-2.1 is installed OR kgraft-patch-SLE12-SP3_Update_1-1-2.1 is installed Definition Synopsis SUSE Linux Enterprise Module for Advanced Systems Management 12 is installed AND Package Information puppet-3.6.2-3 is installed OR puppet-server-3.6.2-3 is installed Definition Synopsis SUSE Linux Enterprise Module for Containers 12 is installed AND sles12-docker-image-1.1.1-20160307082632 is installed Definition Synopsis SUSE Linux Enterprise Module for Legacy Software 12 is installed AND Package Information compat-libldap-2_3-0-2.3.37-16.1 is installed OR openldap2-2.4.39-16.1 is installed Definition Synopsis SUSE Linux Enterprise Module for Public Cloud 12 is installed AND python-PyYAML-3.10-15.1 is installed Definition Synopsis SUSE Linux Enterprise Module for Web Scripting 12 is installed AND Package Information apache2-mod_php5-5.5.14-15.1 is installed OR php5-5.5.14-15.1 is installed OR php5-bcmath-5.5.14-15.1 is installed OR php5-bz2-5.5.14-15.1 is installed OR php5-calendar-5.5.14-15.1 is installed OR php5-ctype-5.5.14-15.1 is installed OR php5-curl-5.5.14-15.1 is installed OR php5-dba-5.5.14-15.1 is installed OR php5-dom-5.5.14-15.1 is installed OR php5-enchant-5.5.14-15.1 is installed OR php5-exif-5.5.14-15.1 is installed OR php5-fastcgi-5.5.14-15.1 is installed OR php5-fileinfo-5.5.14-15.1 is installed OR php5-fpm-5.5.14-15.1 is installed OR php5-ftp-5.5.14-15.1 is installed OR php5-gd-5.5.14-15.1 is installed OR php5-gettext-5.5.14-15.1 is installed OR php5-gmp-5.5.14-15.1 is installed OR php5-iconv-5.5.14-15.1 is installed OR php5-intl-5.5.14-15.1 is installed OR php5-json-5.5.14-15.1 is installed OR php5-ldap-5.5.14-15.1 is installed OR php5-mbstring-5.5.14-15.1 is installed OR php5-mcrypt-5.5.14-15.1 is installed OR php5-mysql-5.5.14-15.1 is installed OR php5-odbc-5.5.14-15.1 is installed OR php5-openssl-5.5.14-15.1 is installed OR php5-pcntl-5.5.14-15.1 is installed OR php5-pdo-5.5.14-15.1 is installed OR php5-pear-5.5.14-15.1 is installed OR php5-pgsql-5.5.14-15.1 is installed OR php5-pspell-5.5.14-15.1 is installed OR php5-shmop-5.5.14-15.1 is installed OR php5-snmp-5.5.14-15.1 is installed OR php5-soap-5.5.14-15.1 is installed OR php5-sockets-5.5.14-15.1 is installed OR php5-sqlite-5.5.14-15.1 is installed OR php5-suhosin-5.5.14-15.1 is installed OR php5-sysvmsg-5.5.14-15.1 is installed OR php5-sysvsem-5.5.14-15.1 is installed OR php5-sysvshm-5.5.14-15.1 is installed OR php5-tokenizer-5.5.14-15.1 is installed OR php5-wddx-5.5.14-15.1 is installed OR php5-xmlreader-5.5.14-15.1 is installed OR php5-xmlrpc-5.5.14-15.1 is installed OR php5-xmlwriter-5.5.14-15.1 is installed OR php5-xsl-5.5.14-15.1 is installed OR php5-zip-5.5.14-15.1 is installed OR php5-zlib-5.5.14-15.1 is installed Definition Synopsis SUSE Linux Enterprise Module for Web Scripting 15 SP1 is installed AND Package Information tomcat-9.0.31-4.22 is installed OR tomcat-admin-webapps-9.0.31-4.22 is installed OR tomcat-el-3_0-api-9.0.31-4.22 is installed OR tomcat-jsp-2_3-api-9.0.31-4.22 is installed OR tomcat-lib-9.0.31-4.22 is installed OR tomcat-servlet-4_0-api-9.0.31-4.22 is installed OR tomcat-webapps-9.0.31-4.22 is installed Definition Synopsis Release Information SUSE Linux Enterprise Server 11 SP3 is installed AND strongswan-4.4.0-6.32.1 is installed OR strongswan-doc-4.4.0-6.32.1 is installed OR Package Information SUSE Linux Enterprise Server for VMWare 11 SP3 is installed AND strongswan-4.4.0-6.32.1 is installed OR strongswan-doc-4.4.0-6.32.1 is installed Definition Synopsis SUSE Linux Enterprise Server 11 SP3 is installed AND Package Information gvim-7.2-8.15.2 is installed OR vim-7.2-8.15.2 is installed OR vim-base-7.2-8.15.2 is installed OR vim-data-7.2-8.15.2 is installed Definition Synopsis SUSE Linux Enterprise Server 11 SP4 is installed AND Package Information MozillaFirefox-31.7.0esr-0.8.1 is installed OR MozillaFirefox-translations-31.7.0esr-0.8.1 is installed Definition Synopsis SUSE Linux Enterprise Server 12 is installed AND Package Information augeas-1.2.0-1 is installed OR augeas-lenses-1.2.0-1 is installed OR libaugeas0-1.2.0-1 is installed Definition Synopsis SUSE Linux Enterprise Server 12 SP1 is installed AND Package Information LibVNCServer-0.9.9-16.1 is installed OR libvncclient0-0.9.9-16.1 is installed OR libvncserver0-0.9.9-16.1 is installed Definition Synopsis SUSE Linux Enterprise Server 12 SP2 is installed AND Package Information krb5-1.12.5-39 is installed OR krb5-32bit-1.12.5-39 is installed OR krb5-client-1.12.5-39 is installed OR krb5-doc-1.12.5-39 is installed OR krb5-plugin-kdb-ldap-1.12.5-39 is installed OR krb5-plugin-preauth-otp-1.12.5-39 is installed OR krb5-plugin-preauth-pkinit-1.12.5-39 is installed OR krb5-server-1.12.5-39 is installed Definition Synopsis SUSE Linux Enterprise Server 12 SP3 is installed AND ant-1.9.4-1 is installed Definition Synopsis SUSE Linux Enterprise Server 12 SP4 is installed AND Package Information colord-gtk-lang-0.1.26-6 is installed OR libcolord-gtk1-0.1.26-6 is installed OR libcolord2-1.3.3-12 is installed OR libcolord2-32bit-1.3.3-12 is installed OR libcolorhug2-1.3.3-12 is installed Definition Synopsis SUSE Linux Enterprise Server 12-LTSS is installed AND Package Information kgraft-patch-3_12_60-52_49-default-2-2.2 is installed OR kgraft-patch-3_12_60-52_49-xen-2-2.2 is installed OR kgraft-patch-SLE12_Update_14-2-2.2 is installed Definition Synopsis SUSE Linux Enterprise Server for Raspberry Pi 12 SP2 is installed AND Package Information gnome-shell-3.20.4-77.7 is installed OR gnome-shell-browser-plugin-3.20.4-77.7 is installed OR gnome-shell-lang-3.20.4-77.7 is installed Definition Synopsis SUSE Linux Enterprise Software Development Kit 11 SP4 is installed AND Package Information libksba-1.0.4-1.25.1 is installed OR libksba-devel-1.0.4-1.25.1 is installed Definition Synopsis SUSE Linux Enterprise Software Development Kit 12 SP1 is installed AND libksba-devel-1.3.0-9 is installed Definition Synopsis SUSE Linux Enterprise Software Development Kit 12 SP2 is installed AND Package Information DirectFB-devel-1.7.1-6 is installed OR lib++dfb-devel-1.7.1-6 is installed Definition Synopsis SUSE Linux Enterprise Software Development Kit 12 SP3 is installed AND Package Information FastCGI-2.4.0-168 is installed OR FastCGI-devel-2.4.0-168 is installed OR perl-FastCGI-2.4.0-168 is installed Definition Synopsis SUSE Linux Enterprise Workstation Extension 12 is installed AND Package Information flash-player-11.2.202.460-83.1 is installed OR flash-player-gnome-11.2.202.460-83.1 is installed Definition Synopsis SUSE Linux Enterprise Workstation Extension 12 SP1 is installed AND Package Information libmysqlclient_r18-10.0.26-9.2 is installed OR libmysqlclient_r18-32bit-10.0.26-9.2 is installed OR mariadb-10.0.26-9.2 is installed Definition Synopsis SUSE Linux Enterprise Workstation Extension 15 SP1 is installed AND Package Information MozillaThunderbird-68.10.0-3.88 is installed OR MozillaThunderbird-translations-common-68.10.0-3.88 is installed OR MozillaThunderbird-translations-other-68.10.0-3.88 is installed Definition Synopsis SUSE Package Hub for SUSE Linux Enterprise 12 is installed AND Package Information irssi-0.8.20-9 is installed OR irssi-devel-0.8.20-9 is installed
BACK