Oval Definition: oval:org.opensuse.security:def:53476
Revision Date: 2020-12-01
Version: 1
Title: Security update for tomcat (Important)
Description:

This update for tomcat fixes the following issues:

- Update to Tomcat 9.0.35. See changelog at http://tomcat.apache.org/tomcat-9.0-doc/changelog.html#Tomcat_9.0.35_(markt)

CVE-2020-9484 (bsc#1171928) Apache Tomcat Remote Code Execution via session persistence

If an attacker was able to control the contents and name of a file on a server configured to use the PersistenceManager, then the attacker could have triggered a remote code execution via deserialization of the file under their control.

Family: unix
Class: patch
Status:
Reference(s):
1039357
1040043
1043353
1043354
1047536
1047908
1050037
1050072
1050098
1050100
1050635
1051442
1052470
1052708
1052717
1052721
1052768
1052777
1052781
1054600
1055068
1055374
1055455
1055456
1057000
1060162
1062752
1072362
1072901
1074120
1074125
1074185
1074309
1075939
1076021
1076051
1171928
1176343
1176344
1176345
1176346
1176347
1176348
1176349
1176350
814241
878345
878349
879138
934333
936676
962983
962996
979441
980391
984684
987895
988651
989121
989122
989721
989722
989723
989725
989726
989727
989728
989729
989730
989731
989732
989733
989734
CVE-2004-2779
CVE-2008-2109
CVE-2009-3297
CVE-2010-0407
CVE-2010-2242
CVE-2010-4531
CVE-2011-0541
CVE-2011-1146
CVE-2011-2483
CVE-2011-2511
CVE-2011-4600
CVE-2012-3445
CVE-2013-0170
CVE-2013-1962
CVE-2013-2218
CVE-2013-2230
CVE-2013-4153
CVE-2013-4154
CVE-2013-4239
CVE-2013-4296
CVE-2013-4297
CVE-2013-4311
CVE-2013-4399
CVE-2013-4400
CVE-2013-4401
CVE-2013-6436
CVE-2013-6456
CVE-2013-6457
CVE-2013-6458
CVE-2014-0028
CVE-2014-0179
CVE-2014-1447
CVE-2014-2977
CVE-2014-2978
CVE-2014-3633
CVE-2014-3657
CVE-2014-7823
CVE-2014-8131
CVE-2015-0236
CVE-2015-0295
CVE-2015-1283
CVE-2015-1858
CVE-2015-1859
CVE-2015-1860
CVE-2015-3202
CVE-2015-5247
CVE-2015-5313
CVE-2015-8946
CVE-2016-0718
CVE-2016-0755
CVE-2016-10109
CVE-2016-3458
CVE-2016-3485
CVE-2016-3498
CVE-2016-3500
CVE-2016-3503
CVE-2016-3508
CVE-2016-3511
CVE-2016-3550
CVE-2016-3552
CVE-2016-3587
CVE-2016-3598
CVE-2016-3606
CVE-2016-3610
CVE-2016-6224
CVE-2017-1000366
CVE-2017-10995
CVE-2017-11505
CVE-2017-11525
CVE-2017-11526
CVE-2017-11539
CVE-2017-11550
CVE-2017-11551
CVE-2017-11639
CVE-2017-11750
CVE-2017-12565
CVE-2017-12640
CVE-2017-12641
CVE-2017-12643
CVE-2017-12671
CVE-2017-12673
CVE-2017-12676
CVE-2017-12935
CVE-2017-13059
CVE-2017-13141
CVE-2017-13142
CVE-2017-13147
CVE-2017-14103
CVE-2017-14649
CVE-2017-15218
CVE-2017-17504
CVE-2017-17681
CVE-2017-17879
CVE-2017-17884
CVE-2017-17914
CVE-2017-18008
CVE-2017-18027
CVE-2017-18029
CVE-2017-2635
CVE-2017-9261
CVE-2017-9262
CVE-2018-10906
CVE-2018-5246
CVE-2018-5685
CVE-2020-25595
CVE-2020-25596
CVE-2020-25597
CVE-2020-25599
CVE-2020-25600
CVE-2020-25601
CVE-2020-25603
CVE-2020-25604
CVE-2020-9484
SUSE-SU-2015:0839-1
SUSE-SU-2016:0340-1
SUSE-SU-2016:1508-1
SUSE-SU-2016:2012-1
SUSE-SU-2017:1619-1
SUSE-SU-2017:2744-1
SUSE-SU-2018:0336-1
SUSE-SU-2018:0349-1
SUSE-SU-2020:1364-1
Platform(s):
openSUSE Leap 15.0
openSUSE Leap 15.0 NonFree
openSUSE Leap 15.1
SUSE Linux Enterprise Desktop 11 SP2
SUSE Linux Enterprise Desktop 11 SP3
SUSE Linux Enterprise Desktop 11 SP4
SUSE Linux Enterprise Desktop 12
SUSE Linux Enterprise Desktop 12 SP1
SUSE Linux Enterprise Desktop 12 SP2
SUSE Linux Enterprise Desktop 12 SP3
SUSE Linux Enterprise Desktop 12 SP4
SUSE Linux Enterprise Server 12 SP1
SUSE Linux Enterprise Server 12 SP1-LTSS
SUSE Linux Enterprise Server 12 SP2
SUSE Linux Enterprise Server 12 SP2-BCL
SUSE Linux Enterprise Server 12 SP2-ESPOS
SUSE Linux Enterprise Server 12 SP2-LTSS
SUSE Linux Enterprise Server 12 SP3
SUSE Linux Enterprise Server 12 SP3-BCL
SUSE Linux Enterprise Server 12 SP3-ESPOS
SUSE Linux Enterprise Server 12 SP3-LTSS
SUSE Linux Enterprise Server 12 SP3-TERADATA
SUSE Linux Enterprise Server 12 SP4
SUSE Linux Enterprise Server 15-LTSS
SUSE OpenStack Cloud 6
SUSE OpenStack Cloud 7
SUSE OpenStack Cloud 8
SUSE OpenStack Cloud Crowbar 8
SUSE OpenStack Cloud Crowbar 9
Product(s):
Definition Synopsis
  • openSUSE Leap 15.0 is installed
  • AND chrony-3.2-lp150.5 is installed
  • Definition Synopsis
  • openSUSE Leap 15.0 NonFree is installed
  • AND opera-63.0.3368.66-lp151.2.6 is installed
  • Definition Synopsis
  • openSUSE Leap 15.1 is installed
  • AND Package Information
  • neovim-0.3.5-lp151.2.3 is installed
  • OR neovim-lang-0.3.5-lp151.2.3 is installed
  • Definition Synopsis
  • SUSE Linux Enterprise Desktop 11 SP2 is installed
  • AND Package Information
  • libldb1-3.6.3-0.33.39 is installed
  • OR libldb1-32bit-3.6.3-0.33.39 is installed
  • OR libsmbclient0-3.6.3-0.33.39 is installed
  • OR libsmbclient0-32bit-3.6.3-0.33.39 is installed
  • OR libtalloc1-3.4.3-1.50 is installed
  • OR libtalloc1-32bit-3.4.3-1.50 is installed
  • OR libtalloc2-3.6.3-0.33.39 is installed
  • OR libtalloc2-32bit-3.6.3-0.33.39 is installed
  • OR libtdb1-3.6.3-0.33.39 is installed
  • OR libtdb1-32bit-3.6.3-0.33.39 is installed
  • OR libtevent0-3.6.3-0.33.39 is installed
  • OR libtevent0-32bit-3.6.3-0.33.39 is installed
  • OR libwbclient0-3.6.3-0.33.39 is installed
  • OR libwbclient0-32bit-3.6.3-0.33.39 is installed
  • OR samba-3.6.3-0.33.39 is installed
  • OR samba-32bit-3.6.3-0.33.39 is installed
  • OR samba-client-3.6.3-0.33.39 is installed
  • OR samba-client-32bit-3.6.3-0.33.39 is installed
  • OR samba-doc-3.6.3-0.33.39 is installed
  • OR samba-krb-printing-3.6.3-0.33.39 is installed
  • OR samba-winbind-3.6.3-0.33.39 is installed
  • OR samba-winbind-32bit-3.6.3-0.33.39 is installed
  • Definition Synopsis
  • SUSE Linux Enterprise Desktop 11 SP3 is installed
  • AND Package Information
  • emacs-22.3-4.42 is installed
  • OR emacs-info-22.3-4.42 is installed
  • OR emacs-x11-22.3-4.42 is installed
  • Definition Synopsis
  • SUSE Linux Enterprise Desktop 11 SP4 is installed
  • AND dhcpcd-3.2.3-45.5 is installed
  • Definition Synopsis
  • SUSE Linux Enterprise Desktop 12 is installed
  • AND Package Information
  • DirectFB-1.7.1-4 is installed
  • OR lib++dfb-1_7-1-1.7.1-4 is installed
  • OR libdirectfb-1_7-1-1.7.1-4 is installed
  • OR libdirectfb-1_7-1-32bit-1.7.1-4 is installed
  • Definition Synopsis
  • SUSE Linux Enterprise Desktop 12 SP1 is installed
  • AND Package Information
  • java-1_8_0-openjdk-1.8.0.101-14 is installed
  • OR java-1_8_0-openjdk-headless-1.8.0.101-14 is installed
  • Definition Synopsis
  • SUSE Linux Enterprise Desktop 12 SP2 is installed
  • AND xerces-j2-2.8.1-268.6 is installed
  • Definition Synopsis
  • SUSE Linux Enterprise Desktop 12 SP3 is installed
  • AND Package Information
  • libQt5Concurrent5-5.6.2-5 is installed
  • OR libQt5Core5-5.6.2-5 is installed
  • OR libQt5DBus5-5.6.2-5 is installed
  • OR libQt5Gui5-5.6.2-5 is installed
  • OR libQt5Network5-5.6.2-5 is installed
  • OR libQt5OpenGL5-5.6.2-5 is installed
  • OR libQt5PrintSupport5-5.6.2-5 is installed
  • OR libQt5Sql5-5.6.2-5 is installed
  • OR libQt5Sql5-mysql-5.6.2-5 is installed
  • OR libQt5Sql5-postgresql-5.6.2-5 is installed
  • OR libQt5Sql5-sqlite-5.6.2-5 is installed
  • OR libQt5Sql5-unixODBC-5.6.2-5 is installed
  • OR libQt5Test5-5.6.2-5 is installed
  • OR libQt5Widgets5-5.6.2-5 is installed
  • OR libQt5Xml5-5.6.2-5 is installed
  • Definition Synopsis
  • SUSE Linux Enterprise Desktop 12 SP4 is installed
  • AND Package Information
  • fuse-2.9.3-6.3 is installed
  • OR libfuse2-2.9.3-6.3 is installed
  • Definition Synopsis
  • SUSE Linux Enterprise Server 12 SP1 is installed
  • AND Package Information
  • hplip-3.14.6-3 is installed
  • OR hplip-hpijs-3.14.6-3 is installed
  • OR hplip-sane-3.14.6-3 is installed
  • Definition Synopsis
  • SUSE Linux Enterprise Server 12 SP1-LTSS is installed
  • AND Package Information
  • kgraft-patch-3_12_74-60_64_57-default-2-2 is installed
  • OR kgraft-patch-3_12_74-60_64_57-xen-2-2 is installed
  • OR kgraft-patch-SLE12-SP1_Update_20-2-2 is installed
  • Definition Synopsis
  • SUSE Linux Enterprise Server 12 SP2 is installed
  • AND Package Information
  • cups-filters-1.0.58-13 is installed
  • OR cups-filters-cups-browsed-1.0.58-13 is installed
  • OR cups-filters-foomatic-rip-1.0.58-13 is installed
  • OR cups-filters-ghostscript-1.0.58-13 is installed
  • Definition Synopsis
  • SUSE Linux Enterprise Server 12 SP2-BCL is installed
  • AND Package Information
  • apache2-2.4.23-29.27 is installed
  • OR apache2-doc-2.4.23-29.27 is installed
  • OR apache2-example-pages-2.4.23-29.27 is installed
  • OR apache2-prefork-2.4.23-29.27 is installed
  • OR apache2-utils-2.4.23-29.27 is installed
  • OR apache2-worker-2.4.23-29.27 is installed
  • Definition Synopsis
  • SUSE Linux Enterprise Server 12 SP2-ESPOS is installed
  • AND Package Information
  • libwireshark9-2.4.10-48.32 is installed
  • OR libwiretap7-2.4.10-48.32 is installed
  • OR libwscodecs1-2.4.10-48.32 is installed
  • OR libwsutil8-2.4.10-48.32 is installed
  • OR wireshark-2.4.10-48.32 is installed
  • OR wireshark-gtk-2.4.10-48.32 is installed
  • Definition Synopsis
  • SUSE Linux Enterprise Server 12 SP2-LTSS is installed
  • AND Package Information
  • kgraft-patch-4_4_121-92_114-default-4-2 is installed
  • OR kgraft-patch-SLE12-SP2_Update_30-4-2 is installed
  • Definition Synopsis
  • SUSE Linux Enterprise Server 12 SP3 is installed
  • AND Package Information
  • MozillaFirefox-52.2.0esr-108 is installed
  • OR MozillaFirefox-translations-52.2.0esr-108 is installed
  • Definition Synopsis
  • SUSE Linux Enterprise Server 12 SP3-BCL is installed
  • AND Package Information
  • libjpeg-turbo-1.5.3-31.19 is installed
  • OR libjpeg62-62.2.0-31.19 is installed
  • OR libjpeg62-32bit-62.2.0-31.19 is installed
  • OR libjpeg62-turbo-1.5.3-31.19 is installed
  • OR libjpeg8-8.1.2-31.19 is installed
  • OR libjpeg8-32bit-8.1.2-31.19 is installed
  • OR libturbojpeg0-8.1.2-31.19 is installed
  • Definition Synopsis
  • SUSE Linux Enterprise Server 12 SP3-ESPOS is installed
  • AND Package Information
  • libopenssl-devel-1.0.2j-60.55 is installed
  • OR libopenssl1_0_0-1.0.2j-60.55 is installed
  • OR libopenssl1_0_0-32bit-1.0.2j-60.55 is installed
  • OR libopenssl1_0_0-hmac-1.0.2j-60.55 is installed
  • OR libopenssl1_0_0-hmac-32bit-1.0.2j-60.55 is installed
  • OR openssl-1.0.2j-60.55 is installed
  • OR openssl-doc-1.0.2j-60.55 is installed
  • Definition Synopsis
  • SUSE Linux Enterprise Server 12 SP3-LTSS is installed
  • AND Package Information
  • kgraft-patch-4_4_178-94_91-default-5-2 is installed
  • OR kgraft-patch-SLE12-SP3_Update_25-5-2 is installed
  • Definition Synopsis
  • SUSE Linux Enterprise Server 12 SP3-TERADATA is installed
  • AND Package Information
  • gnome-shell-search-provider-nautilus-3.20.3-23.6 is installed
  • OR libnautilus-extension1-3.20.3-23.6 is installed
  • OR nautilus-3.20.3-23.6 is installed
  • OR nautilus-lang-3.20.3-23.6 is installed
  • Definition Synopsis
  • SUSE Linux Enterprise Server 12 SP4 is installed
  • AND Package Information
  • guestfs-data-1.32.4-21.3 is installed
  • OR guestfs-tools-1.32.4-21.3 is installed
  • OR guestfsd-1.32.4-21.3 is installed
  • OR libguestfs0-1.32.4-21.3 is installed
  • OR perl-Sys-Guestfs-1.32.4-21.3 is installed
  • OR python-libguestfs-1.32.4-21.3 is installed
  • OR virt-p2v-1.32.4-21.3 is installed
  • OR virt-v2v-1.32.4-21.3 is installed
  • Definition Synopsis
  • SUSE Linux Enterprise Server 15-LTSS is installed
  • AND Package Information
  • tomcat-9.0.35-3.52 is installed
  • OR tomcat-admin-webapps-9.0.35-3.52 is installed
  • OR tomcat-el-3_0-api-9.0.35-3.52 is installed
  • OR tomcat-jsp-2_3-api-9.0.35-3.52 is installed
  • OR tomcat-lib-9.0.35-3.52 is installed
  • OR tomcat-servlet-4_0-api-9.0.35-3.52 is installed
  • OR tomcat-webapps-9.0.35-3.52 is installed
  • Definition Synopsis
  • SUSE OpenStack Cloud 6 is installed
  • AND Package Information
  • openstack-glance-11.0.2~a0~dev2-1 is installed
  • OR python-glance-11.0.2~a0~dev2-1 is installed
  • Definition Synopsis
  • SUSE OpenStack Cloud 7 is installed
  • AND Package Information
  • MozillaFirefox-52.9.0esr-109.38 is installed
  • OR MozillaFirefox-devel-52.9.0esr-109.38 is installed
  • OR MozillaFirefox-translations-52.9.0esr-109.38 is installed
  • Definition Synopsis
  • SUSE OpenStack Cloud 8 is installed
  • AND slf4j-1.7.12-3.3 is installed
  • Definition Synopsis
  • SUSE OpenStack Cloud Crowbar 8 is installed
  • AND Package Information
  • curl-7.37.0-37.43 is installed
  • OR libcurl4-7.37.0-37.43 is installed
  • OR libcurl4-32bit-7.37.0-37.43 is installed
  • Definition Synopsis
  • SUSE OpenStack Cloud Crowbar 9 is installed
  • AND python-Django1-1.11.23-3.9 is installed