Oval Definition:oval:org.opensuse.security:def:5159
Revision Date:2020-12-02Version:1
Title:Security update for tomcat (Important)
Description:

This update for tomcat fixes the following issues:

- Update to Tomcat 9.0.35. See changelog at http://tomcat.apache.org/tomcat-9.0-doc/changelog.html#Tomcat_9.0.35_(markt)

CVE-2020-9484 (bsc#1171928) Apache Tomcat Remote Code Execution via session persistence

If an attacker was able to control the contents and name of a file on a server configured to use the PersistenceManager, then the attacker could have triggered a remote code execution via deserialization of the file under their control.

Family:unixClass:patch
Status:Reference(s):1171928
1173274
CVE-2006-2607
CVE-2008-4225
CVE-2008-4226
CVE-2008-4409
CVE-2009-1720
CVE-2009-1721
CVE-2010-0424
CVE-2010-2891
CVE-2010-4494
CVE-2011-0460
CVE-2011-0461
CVE-2011-1944
CVE-2011-3389
CVE-2011-4944
CVE-2012-0845
CVE-2012-1150
CVE-2012-2812
CVE-2012-2813
CVE-2012-2814
CVE-2012-2836
CVE-2012-2837
CVE-2012-2840
CVE-2012-2841
CVE-2012-4504
CVE-2012-5134
CVE-2013-0338
CVE-2013-1752
CVE-2013-1969
CVE-2013-1984
CVE-2013-1991
CVE-2013-1995
CVE-2013-1998
CVE-2013-2000
CVE-2013-4238
CVE-2014-0172
CVE-2014-0191
CVE-2014-2667
CVE-2014-4650
CVE-2014-5461
CVE-2014-9447
CVE-2020-14422
CVE-2020-9484
SUSE-SU-2020:1364-1
SUSE-SU-2020:1822-1
Platform(s):openSUSE 13.1
SUSE Cloud Compute Node for SUSE Linux Enterprise 12 5
SUSE Linux Enterprise Desktop 11 SP2
SUSE Linux Enterprise Desktop 11 SP3
SUSE Linux Enterprise Desktop 11 SP4
SUSE Linux Enterprise Desktop 12
SUSE Linux Enterprise Desktop 12 SP1
SUSE Linux Enterprise Desktop 12 SP2
SUSE Linux Enterprise Desktop 12 SP3
SUSE Linux Enterprise Desktop 12 SP4
SUSE Linux Enterprise High Availability 12 SP2
SUSE Linux Enterprise High Availability 12 SP3
SUSE Linux Enterprise High Availability 12 SP4
SUSE Linux Enterprise High Availability 12 SP5
SUSE Linux Enterprise High Performance Computing 12 SP5
SUSE Linux Enterprise High Performance Computing 15-ESPOS
SUSE Linux Enterprise High Performance Computing 15-LTSS
SUSE Linux Enterprise Live Patching 12
SUSE Linux Enterprise Live Patching 12 SP3
SUSE Linux Enterprise Module for Advanced Systems Management 12
SUSE Linux Enterprise Module for Containers 12
SUSE Linux Enterprise Module for Legacy Software 12
SUSE Linux Enterprise Module for Public Cloud 12
SUSE Linux Enterprise Module for Web Scripting 12
SUSE Linux Enterprise Point of Sale 12 SP2
SUSE Linux Enterprise Real Time Extension 12 SP1
SUSE Linux Enterprise Real Time Extension 12 SP2
SUSE Linux Enterprise Server 11 SP2
SUSE Linux Enterprise Server 11 SP3
SUSE Linux Enterprise Server 11 SP3-LTSS
SUSE Linux Enterprise Server 11 SP4
SUSE Linux Enterprise Server 12
SUSE Linux Enterprise Server 12 SP1
SUSE Linux Enterprise Server 12 SP2
SUSE Linux Enterprise Server 12 SP3
SUSE Linux Enterprise Server 12 SP4
SUSE Linux Enterprise Server 12-LTSS
SUSE Linux Enterprise Server for Raspberry Pi 12 SP2
SUSE Linux Enterprise Software Development Kit 12 SP1
SUSE Linux Enterprise Software Development Kit 12 SP2
SUSE Linux Enterprise Software Development Kit 12 SP3
SUSE Linux Enterprise Software Development Kit 12 SP4
SUSE Linux Enterprise Workstation Extension 12
SUSE Linux Enterprise Workstation Extension 12 SP1
SUSE Linux Enterprise Workstation Extension 12 SP2
SUSE OpenStack Cloud 5
Product(s):
Definition Synopsis
  • SUSE Cloud Compute Node for SUSE Linux Enterprise 12 5 is installed
  • AND Package Information
  • python-glanceclient-0.15.0-3.1 is installed
  • OR python-keystoneclient-1.0.0-19.1 is installed
  • OR python-keystoneclient-doc-1.0.0-19.1 is installed
  • OR python-keystonemiddleware-1.2.0-4.1 is installed
  • OR python-novaclient-2.20.0-6.1 is installed
  • OR python-novaclient-doc-2.20.0-6.1 is installed
  • OR python-swiftclient-2.3.1-3.1 is installed
  • OR python-swiftclient-doc-2.3.1-3.1 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Desktop 11 SP2 is installed
  • AND Package Information
  • MozillaFirefox-10.0.10-0.3.1 is installed
  • OR MozillaFirefox-translations-10.0.10-0.3.1 is installed
  • OR mozilla-nspr-4.9.3-0.2.1 is installed
  • OR mozilla-nspr-32bit-4.9.3-0.2.1 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Desktop 11 SP3 is installed
  • AND Package Information
  • MozillaFirefox-38.4.0esr-25.6 is installed
  • OR MozillaFirefox-branding-SLED-38-15.31 is installed
  • OR MozillaFirefox-translations-38.4.0esr-25.6 is installed
  • OR libfreebl3-3.19.2.1-19.3 is installed
  • OR libfreebl3-32bit-3.19.2.1-19.3 is installed
  • OR libsoftokn3-3.19.2.1-19.3 is installed
  • OR libsoftokn3-32bit-3.19.2.1-19.3 is installed
  • OR mozilla-nspr-4.10.10-16.1 is installed
  • OR mozilla-nspr-32bit-4.10.10-16.1 is installed
  • OR mozilla-nss-3.19.2.1-19.3 is installed
  • OR mozilla-nss-32bit-3.19.2.1-19.3 is installed
  • OR mozilla-nss-tools-3.19.2.1-19.3 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Desktop 12 is installed
  • AND kbd-1.15.5-7 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Desktop 12 SP1 is installed
  • AND Package Information
  • aaa_base-13.2+git20140911.61c1681-9 is installed
  • OR aaa_base-extras-13.2+git20140911.61c1681-9 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Desktop 12 SP2 is installed
  • AND Package Information
  • NetworkManager-1.0.12-8 is installed
  • OR NetworkManager-lang-1.0.12-8 is installed
  • OR libnm-glib-vpn1-1.0.12-8 is installed
  • OR libnm-glib4-1.0.12-8 is installed
  • OR libnm-util2-1.0.12-8 is installed
  • OR libnm0-1.0.12-8 is installed
  • OR typelib-1_0-NM-1_0-1.0.12-8 is installed
  • OR typelib-1_0-NMClient-1_0-1.0.12-8 is installed
  • OR typelib-1_0-NetworkManager-1_0-1.0.12-8 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Desktop 12 SP3 is installed
  • AND Package Information
  • MozillaFirefox-52.2.0esr-108 is installed
  • OR MozillaFirefox-translations-52.2.0esr-108 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Desktop 12 SP4 is installed
  • AND Package Information
  • ImageMagick-6.8.8.1-71.85 is installed
  • OR libMagick++-6_Q16-3-6.8.8.1-71.85 is installed
  • OR libMagickCore-6_Q16-1-6.8.8.1-71.85 is installed
  • OR libMagickCore-6_Q16-1-32bit-6.8.8.1-71.85 is installed
  • OR libMagickWand-6_Q16-1-6.8.8.1-71.85 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise High Availability 12 SP2 is installed
  • AND ruby2.1-rubygem-bundler-1.7.3-3 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise High Availability 12 SP3 is installed
  • AND ctdb-4.6.5+git.27.6afd48b1083-2 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise High Availability 12 SP4 is installed
  • AND ctdb-4.6.16+git.124.aee309c5c18-3.32 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise High Availability 12 SP5 is installed
  • AND libpcreposix0-8.39-8.3 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise High Performance Computing 12 SP5 is installed
  • AND Package Information
  • at-3.1.14-8.6 is installed
  • OR flex-2.5.37-8 is installed
  • OR flex-32bit-2.5.37-8 is installed
  • OR libQtWebKit4-4.8.7+2.3.4-4.7 is installed
  • OR libQtWebKit4-32bit-4.8.7+2.3.4-4.7 is installed
  • OR libbonobo-2.32.1-16 is installed
  • OR libbonobo-32bit-2.32.1-16 is installed
  • OR libbonobo-doc-2.32.1-16 is installed
  • OR libbonobo-lang-2.32.1-16 is installed
    • Definition Synopsis
  • Release Information
  • SUSE Linux Enterprise High Performance Computing 15-ESPOS is installed
  • AND
  • tomcat-9.0.35-3.52 is installed
  • OR tomcat-admin-webapps-9.0.35-3.52 is installed
  • OR tomcat-el-3_0-api-9.0.35-3.52 is installed
  • OR tomcat-jsp-2_3-api-9.0.35-3.52 is installed
  • OR tomcat-lib-9.0.35-3.52 is installed
  • OR tomcat-servlet-4_0-api-9.0.35-3.52 is installed
  • OR tomcat-webapps-9.0.35-3.52 is installed
  • OR Package Information
  • SUSE Linux Enterprise High Performance Computing 15-LTSS is installed
  • AND
  • tomcat-9.0.35-3.52 is installed
  • OR tomcat-admin-webapps-9.0.35-3.52 is installed
  • OR tomcat-el-3_0-api-9.0.35-3.52 is installed
  • OR tomcat-jsp-2_3-api-9.0.35-3.52 is installed
  • OR tomcat-lib-9.0.35-3.52 is installed
  • OR tomcat-servlet-4_0-api-9.0.35-3.52 is installed
  • OR tomcat-webapps-9.0.35-3.52 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Live Patching 12 is installed
  • AND Package Information
  • kgraft-patch-3_12_38-44-default-1-2 is installed
  • OR kgraft-patch-3_12_38-44-xen-1-2 is installed
  • OR kgraft-patch-SLE12_Update_3-1-2 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Live Patching 12 SP3 is installed
  • AND Package Information
  • kgraft-patch-4_4_73-5-default-2-2.3.2 is installed
  • OR kgraft-patch-SLE12-SP3_Update_0-2-2.3.2 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Module for Advanced Systems Management 12 is installed
  • AND Package Information
  • puppet-3.6.2-3 is installed
  • OR puppet-server-3.6.2-3 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Module for Containers 12 is installed
  • AND Package Information
  • ruby2.1-rubygem-passenger-5.0.18-6.1 is installed
  • OR rubygem-passenger-5.0.18-6.1 is installed
  • OR rubygem-passenger-apache2-5.0.18-6.1 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Module for Legacy Software 12 is installed
  • AND Package Information
  • java-1_6_0-ibm-1.6.0_sr16.2-8.1 is installed
  • OR java-1_6_0-ibm-fonts-1.6.0_sr16.2-8.1 is installed
  • OR java-1_6_0-ibm-jdbc-1.6.0_sr16.2-8.1 is installed
  • OR java-1_6_0-ibm-plugin-1.6.0_sr16.2-8.1 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Module for Public Cloud 12 is installed
  • AND Package Information
  • kernel-ec2-3.12.38-44.1 is installed
  • OR kernel-ec2-devel-3.12.38-44.1 is installed
  • OR kernel-ec2-extra-3.12.38-44.1 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Module for Web Scripting 12 is installed
  • AND Package Information
  • apache2-mod_php5-5.5.14-15.1 is installed
  • OR php5-5.5.14-15.1 is installed
  • OR php5-bcmath-5.5.14-15.1 is installed
  • OR php5-bz2-5.5.14-15.1 is installed
  • OR php5-calendar-5.5.14-15.1 is installed
  • OR php5-ctype-5.5.14-15.1 is installed
  • OR php5-curl-5.5.14-15.1 is installed
  • OR php5-dba-5.5.14-15.1 is installed
  • OR php5-dom-5.5.14-15.1 is installed
  • OR php5-enchant-5.5.14-15.1 is installed
  • OR php5-exif-5.5.14-15.1 is installed
  • OR php5-fastcgi-5.5.14-15.1 is installed
  • OR php5-fileinfo-5.5.14-15.1 is installed
  • OR php5-fpm-5.5.14-15.1 is installed
  • OR php5-ftp-5.5.14-15.1 is installed
  • OR php5-gd-5.5.14-15.1 is installed
  • OR php5-gettext-5.5.14-15.1 is installed
  • OR php5-gmp-5.5.14-15.1 is installed
  • OR php5-iconv-5.5.14-15.1 is installed
  • OR php5-intl-5.5.14-15.1 is installed
  • OR php5-json-5.5.14-15.1 is installed
  • OR php5-ldap-5.5.14-15.1 is installed
  • OR php5-mbstring-5.5.14-15.1 is installed
  • OR php5-mcrypt-5.5.14-15.1 is installed
  • OR php5-mysql-5.5.14-15.1 is installed
  • OR php5-odbc-5.5.14-15.1 is installed
  • OR php5-openssl-5.5.14-15.1 is installed
  • OR php5-pcntl-5.5.14-15.1 is installed
  • OR php5-pdo-5.5.14-15.1 is installed
  • OR php5-pear-5.5.14-15.1 is installed
  • OR php5-pgsql-5.5.14-15.1 is installed
  • OR php5-pspell-5.5.14-15.1 is installed
  • OR php5-shmop-5.5.14-15.1 is installed
  • OR php5-snmp-5.5.14-15.1 is installed
  • OR php5-soap-5.5.14-15.1 is installed
  • OR php5-sockets-5.5.14-15.1 is installed
  • OR php5-sqlite-5.5.14-15.1 is installed
  • OR php5-suhosin-5.5.14-15.1 is installed
  • OR php5-sysvmsg-5.5.14-15.1 is installed
  • OR php5-sysvsem-5.5.14-15.1 is installed
  • OR php5-sysvshm-5.5.14-15.1 is installed
  • OR php5-tokenizer-5.5.14-15.1 is installed
  • OR php5-wddx-5.5.14-15.1 is installed
  • OR php5-xmlreader-5.5.14-15.1 is installed
  • OR php5-xmlrpc-5.5.14-15.1 is installed
  • OR php5-xmlwriter-5.5.14-15.1 is installed
  • OR php5-xsl-5.5.14-15.1 is installed
  • OR php5-zip-5.5.14-15.1 is installed
  • OR php5-zlib-5.5.14-15.1 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Point of Sale 12 SP2 is installed
  • AND python-pycrypto-2.6.1-10.3.1 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Real Time Extension 12 SP1 is installed
  • AND Package Information
  • kernel-compute-3.12.58-14.1 is installed
  • OR kernel-compute-base-3.12.58-14.1 is installed
  • OR kernel-compute-devel-3.12.58-14.1 is installed
  • OR kernel-compute_debug-3.12.58-14.1 is installed
  • OR kernel-compute_debug-devel-3.12.58-14.1 is installed
  • OR kernel-devel-rt-3.12.58-14.1 is installed
  • OR kernel-rt-3.12.58-14.1 is installed
  • OR kernel-rt-base-3.12.58-14.1 is installed
  • OR kernel-rt-devel-3.12.58-14.1 is installed
  • OR kernel-rt_debug-3.12.58-14.1 is installed
  • OR kernel-rt_debug-devel-3.12.58-14.1 is installed
  • OR kernel-source-rt-3.12.58-14.1 is installed
  • OR kernel-syms-rt-3.12.58-14.1 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Real Time Extension 12 SP2 is installed
  • AND Package Information
  • cluster-md-kmp-rt-4.4.74-7.10 is installed
  • OR cluster-network-kmp-rt-4.4.74-7.10 is installed
  • OR dlm-kmp-rt-4.4.74-7.10 is installed
  • OR gfs2-kmp-rt-4.4.74-7.10 is installed
  • OR kernel-devel-rt-4.4.74-7.10 is installed
  • OR kernel-rt-4.4.74-7.10 is installed
  • OR kernel-rt-base-4.4.74-7.10 is installed
  • OR kernel-rt-devel-4.4.74-7.10 is installed
  • OR kernel-rt_debug-4.4.74-7.10 is installed
  • OR kernel-rt_debug-devel-4.4.74-7.10 is installed
  • OR kernel-source-rt-4.4.74-7.10 is installed
  • OR kernel-syms-rt-4.4.74-7.10 is installed
  • OR ocfs2-kmp-rt-4.4.74-7.10 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Server 11 SP2 is installed
  • AND Package Information
  • MozillaFirefox-10.0-0.3.2 is installed
  • OR MozillaFirefox-translations-10.0-0.3.2 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Server 11 SP3 is installed
  • AND xdg-utils-1.0.2-36.18 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Server 11 SP4 is installed
  • AND automake-1.10.1-4.131.9.1 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Server 12 is installed
  • AND Package Information
  • apache-commons-daemon-1.0.15-4 is installed
  • OR apache-commons-daemon-javadoc-1.0.15-4 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Server 12 SP1 is installed
  • AND xfsprogs-3.2.1-3.5 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Server 12 SP2 is installed
  • AND Package Information
  • perl-5.18.2-11 is installed
  • OR perl-32bit-5.18.2-11 is installed
  • OR perl-base-5.18.2-11 is installed
  • OR perl-doc-5.18.2-11 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Server 12 SP3 is installed
  • AND Package Information
  • apache-commons-beanutils-1.9.2-1 is installed
  • OR apache-commons-beanutils-javadoc-1.9.2-1 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Server 12 SP4 is installed
  • AND Package Information
  • accountsservice-0.6.42-16.3 is installed
  • OR accountsservice-lang-0.6.42-16.3 is installed
  • OR libaccountsservice0-0.6.42-16.3 is installed
  • OR typelib-1_0-AccountsService-1_0-0.6.42-16.3 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Server 12-LTSS is installed
  • AND Package Information
  • kgraft-patch-3_12_60-52_49-default-2-2.2 is installed
  • OR kgraft-patch-3_12_60-52_49-xen-2-2.2 is installed
  • OR kgraft-patch-SLE12_Update_14-2-2.2 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Server for Raspberry Pi 12 SP2 is installed
  • AND Package Information
  • libmysqlclient18-10.0.30-25 is installed
  • OR mariadb-10.0.30-25 is installed
  • OR mariadb-client-10.0.30-25 is installed
  • OR mariadb-errormessages-10.0.30-25 is installed
  • OR mariadb-tools-10.0.30-25 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Software Development Kit 12 SP1 is installed
  • AND Package Information
  • xen-4.5.5_10-22.14.1 is installed
  • OR xen-devel-4.5.5_10-22.14.1 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Software Development Kit 12 SP2 is installed
  • AND graphite2-devel-1.3.1-6 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Software Development Kit 12 SP3 is installed
  • AND Package Information
  • ant-1.9.4-1 is installed
  • OR ant-jmf-1.9.4-1 is installed
  • OR ant-scripts-1.9.4-1 is installed
  • OR ant-swing-1.9.4-1 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Software Development Kit 12 SP4 is installed
  • AND Package Information
  • DirectFB-devel-1.7.1-6 is installed
  • OR lib++dfb-devel-1.7.1-6 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Workstation Extension 12 is installed
  • AND Package Information
  • python-base-2.7.7-9.3 is installed
  • OR python-devel-2.7.7-9.3 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Workstation Extension 12 SP1 is installed
  • AND Package Information
  • kernel-default-3.12.59-60.45.2 is installed
  • OR kernel-default-extra-3.12.59-60.45.2 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Workstation Extension 12 SP2 is installed
  • AND Package Information
  • gstreamer-plugins-base-1.8.3-9.6 is installed
  • OR libgstfft-1_0-0-32bit-1.8.3-9.6 is installed
  • OR typelib-1_0-GstAudio-1_0-1.8.3-9.6 is installed
  • OR typelib-1_0-GstPbutils-1_0-1.8.3-9.6 is installed
  • OR typelib-1_0-GstTag-1_0-1.8.3-9.6 is installed
  • OR typelib-1_0-GstVideo-1_0-1.8.3-9.6 is installed
    • BACK