Revision Date: | 2020-12-01 | Version: | 1 |
Title: | Security update for tomcat (Important) |
Description: |
This update for tomcat fixes the following issues:
- Update to Tomcat 9.0.35. See changelog at http://tomcat.apache.org/tomcat-9.0-doc/changelog.html#Tomcat_9.0.35_(markt)
- CVE-2020-9484 (bsc#1171928): Apache Tomcat Remote Code Execution via session persistence.
  If an attacker was able to control the contents and name of a file on a server configured to use the PersistenceManager, then the attacker could have triggered a remote code execution via deserialization of the file under their control.
|
Family: | unix | Class: | patch |
Status: | | Reference(s): | 1009745 1024041 1024047 1024076 1024079 1031756 1033236 1037559 1038132 1038984 1043218 1045735 1047785 1048315 1125401 1169740 1171355 1171928 1172651 1173334 867943 912365 912368 912369 912370 912372 928193 951734 951735 954429 956018 956021 956260 957105 957106 957107 957109 957110 959277 982178 992038 CVE-2006-7250 CVE-2008-5077 CVE-2009-0590 CVE-2009-0591 CVE-2009-0696 CVE-2009-0789 CVE-2009-1377 CVE-2009-1378 CVE-2009-1379 CVE-2009-1386 CVE-2009-1387 CVE-2009-4022 CVE-2010-0740 CVE-2010-0742 CVE-2010-1633 CVE-2010-2939 CVE-2010-3613 CVE-2010-3614 CVE-2010-3615 CVE-2010-3864 CVE-2010-5298 CVE-2011-0014 CVE-2011-0414 CVE-2011-1907 CVE-2011-1910 CVE-2011-2464 CVE-2011-3172 CVE-2011-3207 CVE-2011-3210 CVE-2011-4108 CVE-2011-4313 CVE-2011-4576 CVE-2011-4577 CVE-2011-4619 CVE-2012-0027 CVE-2012-0050 CVE-2012-0884 CVE-2012-1165 CVE-2012-1667 CVE-2012-2110 CVE-2012-2686 CVE-2012-3817 CVE-2012-3868 CVE-2012-4244 CVE-2012-4929 CVE-2012-5166 CVE-2012-5688 CVE-2012-5689 CVE-2013-0166 CVE-2013-0169 CVE-2013-2266 CVE-2013-4353 CVE-2013-4854 CVE-2013-5653 CVE-2013-6449 CVE-2013-6450 CVE-2013-6487 CVE-2014-0076 CVE-2014-0160 CVE-2014-0195 CVE-2014-0198 CVE-2014-0221 CVE-2014-0224 CVE-2014-0591 CVE-2014-3470 CVE-2014-3505 CVE-2014-3506 CVE-2014-3507 CVE-2014-3508 CVE-2014-3509 CVE-2014-3510 CVE-2014-3511 CVE-2014-3512 CVE-2014-3513 CVE-2014-3566 CVE-2014-3567 CVE-2014-3568 CVE-2014-3570 CVE-2014-3571 CVE-2014-3572 CVE-2014-3775 CVE-2014-5139 CVE-2014-8275 CVE-2014-8500 CVE-2015-0204 CVE-2015-0205 CVE-2015-0206 CVE-2015-0209 CVE-2015-0286 CVE-2015-0287 CVE-2015-0288 CVE-2015-0289 CVE-2015-0293 CVE-2015-0559 CVE-2015-0560 CVE-2015-0561 CVE-2015-0562 CVE-2015-0563 CVE-2015-0564 CVE-2015-1349 CVE-2015-1788 CVE-2015-1789 CVE-2015-1790 CVE-2015-1791 CVE-2015-1792 CVE-2015-1819 CVE-2015-3194 CVE-2015-3195 CVE-2015-3196 CVE-2015-3197 CVE-2015-3216 CVE-2015-3228 CVE-2015-4000 CVE-2015-4620 CVE-2015-5312 CVE-2015-5477 CVE-2015-5722 CVE-2015-7201 
CVE-2015-7202 CVE-2015-7205 CVE-2015-7210 CVE-2015-7212 CVE-2015-7213 CVE-2015-7214 CVE-2015-7222 CVE-2015-7497 CVE-2015-7498 CVE-2015-7499 CVE-2015-7500 CVE-2015-7941 CVE-2015-7942 CVE-2015-8000 CVE-2015-8035 CVE-2015-8241 CVE-2015-8242 CVE-2015-8317 CVE-2015-8704 CVE-2016-0702 CVE-2016-0705 CVE-2016-0797 CVE-2016-0798 CVE-2016-0799 CVE-2016-0800 CVE-2016-10220 CVE-2016-1285 CVE-2016-1286 CVE-2016-2105 CVE-2016-2106 CVE-2016-2107 CVE-2016-2109 CVE-2016-2176 CVE-2016-2177 CVE-2016-2178 CVE-2016-2179 CVE-2016-2180 CVE-2016-2181 CVE-2016-2182 CVE-2016-2183 CVE-2016-2775 CVE-2016-2776 CVE-2016-5118 CVE-2016-6170 CVE-2016-6302 CVE-2016-6303 CVE-2016-6304 CVE-2016-6306 CVE-2016-7052 CVE-2016-7055 CVE-2016-7978 CVE-2016-7979 CVE-2016-8602 CVE-2016-8864 CVE-2016-9131 CVE-2016-9147 CVE-2016-9444 CVE-2016-9601 CVE-2017-2625 CVE-2017-3135 CVE-2017-3136 CVE-2017-3137 CVE-2017-3138 CVE-2017-3142 CVE-2017-3143 CVE-2017-3145 CVE-2017-3731 CVE-2017-3732 CVE-2017-5837 CVE-2017-5839 CVE-2017-5842 CVE-2017-5844 CVE-2017-5951 CVE-2017-7207 CVE-2017-7435 CVE-2017-7436 CVE-2017-8291 CVE-2017-8779 CVE-2017-9269 CVE-2018-8956 CVE-2020-11868 CVE-2020-13817 CVE-2020-15025 CVE-2020-9484 SUSE-SU-2015:0307-1 SUSE-SU-2015:2335-1 SUSE-SU-2016:0049-1 SUSE-SU-2016:1570-1 SUSE-SU-2017:1039-1 SUSE-SU-2017:1314-1 SUSE-SU-2017:1328-1 SUSE-SU-2017:2040-1 SUSE-SU-2020:1363-1 SUSE-SU-2020:1823-1
|
Platform(s): | openSUSE Leap 15.0 openSUSE Leap 15.1 openSUSE Leap 15.1 NonFree SUSE Linux Enterprise Desktop 11 SP2 SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Desktop 11 SP4 SUSE Linux Enterprise Desktop 12 SUSE Linux Enterprise Desktop 12 SP1 SUSE Linux Enterprise Desktop 12 SP2 SUSE Linux Enterprise Desktop 12 SP3 SUSE Linux Enterprise Desktop 12 SP4 SUSE Linux Enterprise Module for Web Scripting 15 SP1 SUSE Linux Enterprise Server 12 SP1 SUSE Linux Enterprise Server 12 SP1-LTSS SUSE Linux Enterprise Server 12 SP2 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE Linux Enterprise Server 12 SP3 SUSE Linux Enterprise Server 12 SP3-BCL SUSE Linux Enterprise Server 12 SP3-ESPOS SUSE Linux Enterprise Server 12 SP3-LTSS SUSE Linux Enterprise Server 12 SP3-TERADATA SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server 15-LTSS SUSE OpenStack Cloud 6 SUSE OpenStack Cloud 7 SUSE OpenStack Cloud Crowbar 8 SUSE OpenStack Cloud Crowbar 9
| Product(s): | |
Definition Synopsis |
openSUSE Leap 15.0 is installed
AND Package Information
coreutils-8.29-lp150.2 is installed
OR coreutils-lang-8.29-lp150.2 is installed
|
Definition Synopsis |
openSUSE Leap 15.1 is installed
AND Package Information
exim-4.88-lp151.4.3 is installed
OR eximon-4.88-lp151.4.3 is installed
OR eximstats-html-4.88-lp151.4.3 is installed
|
Definition Synopsis |
openSUSE Leap 15.1 NonFree is installed
AND opera-63.0.3368.66-lp151.2.6 is installed
|
Definition Synopsis |
SUSE Linux Enterprise Desktop 11 SP2 is installed
AND Package Information
kdelibs4-4.3.5-0.12 is installed
OR kdelibs4-core-4.3.5-0.12 is installed
OR libkde4-4.3.5-0.12 is installed
OR libkde4-32bit-4.3.5-0.12 is installed
OR libkdecore4-4.3.5-0.12 is installed
OR libkdecore4-32bit-4.3.5-0.12 is installed
|
Definition Synopsis |
SUSE Linux Enterprise Desktop 11 SP3 is installed
AND cabextract-1.2-2.10 is installed
|
Definition Synopsis |
SUSE Linux Enterprise Desktop 11 SP4 is installed
AND Package Information
giflib-4.1.6-13 is installed
OR giflib-32bit-4.1.6-13 is installed
|
Definition Synopsis |
SUSE Linux Enterprise Desktop 12 is installed
AND Package Information
MozillaFirefox-38.5.0esr-54 is installed
OR MozillaFirefox-translations-38.5.0esr-54 is installed
|
Definition Synopsis |
SUSE Linux Enterprise Desktop 12 SP1 is installed
AND Package Information
libxml2-2.9.1-13 is installed
OR libxml2-2-2.9.1-13 is installed
OR libxml2-2-32bit-2.9.1-13 is installed
OR libxml2-tools-2.9.1-13 is installed
OR python-libxml2-2.9.1-13 is installed
|
Definition Synopsis |
SUSE Linux Enterprise Desktop 12 SP2 is installed
AND Package Information
libzypp-16.15.2-27.21 is installed
OR zypper-1.13.30-18.13 is installed
OR zypper-log-1.13.30-18.13 is installed
|
Definition Synopsis |
SUSE Linux Enterprise Desktop 12 SP3 is installed
AND Package Information
ghostscript-9.15-22 is installed
OR ghostscript-x11-9.15-22 is installed
|
Definition Synopsis |
SUSE Linux Enterprise Desktop 12 SP4 is installed
AND Package Information
bind-utils-9.11.2-1 is installed
OR libbind9-160-9.11.2-1 is installed
OR libdns169-9.11.2-1 is installed
OR libirs160-9.11.2-1 is installed
OR libisc166-9.11.2-1 is installed
OR libisc166-32bit-9.11.2-1 is installed
OR libisccc160-9.11.2-1 is installed
OR libisccfg160-9.11.2-1 is installed
OR liblwres160-9.11.2-1 is installed
OR python-bind-9.11.2-1 is installed
|
Definition Synopsis |
SUSE Linux Enterprise Module for Web Scripting 15 SP1 is installed
AND Package Information
tomcat-9.0.35-4.30 is installed
OR tomcat-admin-webapps-9.0.35-4.30 is installed
OR tomcat-el-3_0-api-9.0.35-4.30 is installed
OR tomcat-jsp-2_3-api-9.0.35-4.30 is installed
OR tomcat-lib-9.0.35-4.30 is installed
OR tomcat-servlet-4_0-api-9.0.35-4.30 is installed
OR tomcat-webapps-9.0.35-4.30 is installed
|
Definition Synopsis |
SUSE Linux Enterprise Server 12 SP1 is installed
AND Package Information
cpp48-4.8.5-24 is installed
OR gcc48-4.8.5-24 is installed
OR gcc48-32bit-4.8.5-24 is installed
OR gcc48-c++-4.8.5-24 is installed
OR gcc48-info-4.8.5-24 is installed
OR gcc48-locale-4.8.5-24 is installed
OR libasan0-4.8.5-24 is installed
OR libasan0-32bit-4.8.5-24 is installed
OR libstdc++48-devel-4.8.5-24 is installed
OR libstdc++48-devel-32bit-4.8.5-24 is installed
|
Definition Synopsis |
SUSE Linux Enterprise Server 12 SP1-LTSS is installed
AND Package Information
kgraft-patch-3_12_62-60_64_8-default-9-3 is installed
OR kgraft-patch-3_12_62-60_64_8-xen-9-3 is installed
OR kgraft-patch-SLE12-SP1_Update_8-9-3 is installed
|
Definition Synopsis |
SUSE Linux Enterprise Server 12 SP2 is installed
AND xorg-x11-libs-7.6-45 is installed
|
Definition Synopsis |
SUSE Linux Enterprise Server 12 SP2-BCL is installed
AND Package Information
xen-4.7.5_04-43.33 is installed
OR xen-doc-html-4.7.5_04-43.33 is installed
OR xen-libs-4.7.5_04-43.33 is installed
OR xen-libs-32bit-4.7.5_04-43.33 is installed
OR xen-tools-4.7.5_04-43.33 is installed
OR xen-tools-domU-4.7.5_04-43.33 is installed
|
Definition Synopsis |
SUSE Linux Enterprise Server 12 SP2-ESPOS is installed
AND Package Information
MozillaFirefox-52.9.0esr-109.38 is installed
OR MozillaFirefox-devel-52.9.0esr-109.38 is installed
|
Definition Synopsis |
SUSE Linux Enterprise Server 12 SP2-LTSS is installed
AND Package Information
kgraft-patch-4_4_121-92_92-default-8-2 is installed
OR kgraft-patch-SLE12-SP2_Update_24-8-2 is installed
|
Definition Synopsis |
SUSE Linux Enterprise Server 12 SP3 is installed
AND Package Information
elfutils-0.158-6 is installed
OR libasm1-0.158-6 is installed
OR libasm1-32bit-0.158-6 is installed
OR libdw1-0.158-6 is installed
OR libdw1-32bit-0.158-6 is installed
OR libebl1-0.158-6 is installed
OR libebl1-32bit-0.158-6 is installed
OR libelf1-0.158-6 is installed
OR libelf1-32bit-0.158-6 is installed
|
Definition Synopsis |
SUSE Linux Enterprise Server 12 SP3-BCL is installed
AND gdb-8.3.1-2.14 is installed
|
Definition Synopsis |
SUSE Linux Enterprise Server 12 SP3-ESPOS is installed
AND Package Information
kgraft-patch-4_4_180-94_100-default-4-2 is installed
OR kgraft-patch-SLE12-SP3_Update_27-4-2 is installed
|
Definition Synopsis |
SUSE Linux Enterprise Server 12 SP3-LTSS is installed
AND Package Information
libpython3_4m1_0-3.4.6-25.29 is installed
OR python3-3.4.6-25.29 is installed
OR python3-base-3.4.6-25.29 is installed
OR python3-curses-3.4.6-25.29 is installed
|
Definition Synopsis |
SUSE Linux Enterprise Server 12 SP3-TERADATA is installed
AND Package Information
libgcrypt-1.6.1-16.58 is installed
OR libgcrypt20-1.6.1-16.58 is installed
OR libgcrypt20-32bit-1.6.1-16.58 is installed
OR libgcrypt20-hmac-1.6.1-16.58 is installed
OR libgcrypt20-hmac-32bit-1.6.1-16.58 is installed
|
Definition Synopsis |
SUSE Linux Enterprise Server 12 SP4 is installed
AND Package Information
dbus-1-glib-0.100.2-3 is installed
OR dbus-1-glib-32bit-0.100.2-3 is installed
|
Definition Synopsis |
SUSE Linux Enterprise Server 15-LTSS is installed
AND ntp-4.2.8p15-4.10 is installed
|
Definition Synopsis |
SUSE OpenStack Cloud 6 is installed
AND python-Beaker-1.6.4-0.7 is installed
|
Definition Synopsis |
SUSE OpenStack Cloud 7 is installed
AND Package Information
MozillaFirefox-52.8.0esr-109.31 is installed
OR MozillaFirefox-devel-52.8.0esr-109.31 is installed
OR MozillaFirefox-translations-52.8.0esr-109.31 is installed
|
Definition Synopsis |
SUSE OpenStack Cloud Crowbar 8 is installed
AND nodejs6-6.14.3-11.15 is installed
|
Definition Synopsis |
SUSE OpenStack Cloud Crowbar 9 is installed
AND python-urllib3-1.23-3.6 is installed
|