OVAL Reference oval:org.opensuse.security:def:53476

Oval Definition:

oval:org.opensuse.security:def:53476

Revision Date:	2020-12-01	Version:	1
Title:	Security update for tomcat (Important)
Description:	This update for tomcat fixes the following issues: - Update to Tomcat 9.0.35. See changelog at http://tomcat.apache.org/tomcat-9.0-doc/changelog.html#Tomcat_9.0.35_(markt) CVE-2020-9484 (bsc#1171928) Apache Tomcat Remote Code Execution via session persistence If an attacker was able to control the contents and name of a file on a server configured to use the PersistenceManager, then the attacker could have triggered a remote code execution via deserialization of the file under their control.
Family:	unix	Class:	patch
Status:		Reference(s):	1039357 1040043 1043353 1043354 1047536 1047908 1050037 1050072 1050098 1050100 1050635 1051442 1052470 1052708 1052717 1052721 1052768 1052777 1052781 1054600 1055068 1055374 1055455 1055456 1057000 1060162 1062752 1072362 1072901 1074120 1074125 1074185 1074309 1075939 1076021 1076051 1171928 1176343 1176344 1176345 1176346 1176347 1176348 1176349 1176350 814241 878345 878349 879138 934333 936676 962983 962996 979441 980391 984684 987895 988651 989121 989122 989721 989722 989723 989725 989726 989727 989728 989729 989730 989731 989732 989733 989734 CVE-2004-2779 CVE-2008-2109 CVE-2009-3297 CVE-2010-0407 CVE-2010-2242 CVE-2010-4531 CVE-2011-0541 CVE-2011-1146 CVE-2011-2483 CVE-2011-2511 CVE-2011-4600 CVE-2012-3445 CVE-2013-0170 CVE-2013-1962 CVE-2013-2218 CVE-2013-2230 CVE-2013-4153 CVE-2013-4154 CVE-2013-4239 CVE-2013-4296 CVE-2013-4297 CVE-2013-4311 CVE-2013-4399 CVE-2013-4400 CVE-2013-4401 CVE-2013-6436 CVE-2013-6456 CVE-2013-6457 CVE-2013-6458 CVE-2014-0028 CVE-2014-0179 CVE-2014-1447 CVE-2014-2977 CVE-2014-2978 CVE-2014-3633 CVE-2014-3657 CVE-2014-7823 CVE-2014-8131 CVE-2015-0236 CVE-2015-0295 CVE-2015-1283 CVE-2015-1858 CVE-2015-1859 CVE-2015-1860 CVE-2015-3202 CVE-2015-5247 CVE-2015-5313 CVE-2015-8946 CVE-2016-0718 CVE-2016-0755 CVE-2016-10109 CVE-2016-3458 CVE-2016-3485 CVE-2016-3498 CVE-2016-3500 CVE-2016-3503 CVE-2016-3508 CVE-2016-3511 CVE-2016-3550 CVE-2016-3552 CVE-2016-3587 CVE-2016-3598 CVE-2016-3606 CVE-2016-3610 CVE-2016-6224 CVE-2017-1000366 CVE-2017-10995 CVE-2017-11505 CVE-2017-11525 CVE-2017-11526 CVE-2017-11539 CVE-2017-11550 CVE-2017-11551 CVE-2017-11639 CVE-2017-11750 CVE-2017-12565 CVE-2017-12640 CVE-2017-12641 CVE-2017-12643 CVE-2017-12671 CVE-2017-12673 CVE-2017-12676 CVE-2017-12935 CVE-2017-13059 CVE-2017-13141 CVE-2017-13142 CVE-2017-13147 CVE-2017-14103 CVE-2017-14649 CVE-2017-15218 CVE-2017-17504 CVE-2017-17681 CVE-2017-17879 CVE-2017-17884 CVE-2017-17914 CVE-2017-18008 CVE-2017-18027 CVE-2017-18029 CVE-2017-2635 CVE-2017-9261 CVE-2017-9262 CVE-2018-10906 CVE-2018-5246 CVE-2018-5685 CVE-2020-25595 CVE-2020-25596 CVE-2020-25597 CVE-2020-25599 CVE-2020-25600 CVE-2020-25601 CVE-2020-25603 CVE-2020-25604 CVE-2020-9484 SUSE-SU-2015:0839-1 SUSE-SU-2016:0340-1 SUSE-SU-2016:1508-1 SUSE-SU-2016:2012-1 SUSE-SU-2017:1619-1 SUSE-SU-2017:2744-1 SUSE-SU-2018:0336-1 SUSE-SU-2018:0349-1 SUSE-SU-2020:1364-1
Platform(s):	openSUSE Leap 15.0 openSUSE Leap 15.0 NonFree openSUSE Leap 15.1 SUSE Linux Enterprise Desktop 11 SP2 SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Desktop 11 SP4 SUSE Linux Enterprise Desktop 12 SUSE Linux Enterprise Desktop 12 SP1 SUSE Linux Enterprise Desktop 12 SP2 SUSE Linux Enterprise Desktop 12 SP3 SUSE Linux Enterprise Desktop 12 SP4 SUSE Linux Enterprise Server 12 SP1 SUSE Linux Enterprise Server 12 SP1-LTSS SUSE Linux Enterprise Server 12 SP2 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE Linux Enterprise Server 12 SP3 SUSE Linux Enterprise Server 12 SP3-BCL SUSE Linux Enterprise Server 12 SP3-ESPOS SUSE Linux Enterprise Server 12 SP3-LTSS SUSE Linux Enterprise Server 12 SP3-TERADATA SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server 15-LTSS SUSE OpenStack Cloud 6 SUSE OpenStack Cloud 7 SUSE OpenStack Cloud 8 SUSE OpenStack Cloud Crowbar 8 SUSE OpenStack Cloud Crowbar 9	Product(s):
Definition Synopsis
openSUSE Leap 15.0 is installed AND chrony-3.2-lp150.5 is installed
Definition Synopsis
openSUSE Leap 15.0 NonFree is installed AND opera-63.0.3368.66-lp151.2.6 is installed
Definition Synopsis
openSUSE Leap 15.1 is installed AND Package Information neovim-0.3.5-lp151.2.3 is installed OR neovim-lang-0.3.5-lp151.2.3 is installed
Definition Synopsis
SUSE Linux Enterprise Desktop 11 SP2 is installed AND Package Information libldb1-3.6.3-0.33.39 is installed OR libldb1-32bit-3.6.3-0.33.39 is installed OR libsmbclient0-3.6.3-0.33.39 is installed OR libsmbclient0-32bit-3.6.3-0.33.39 is installed OR libtalloc1-3.4.3-1.50 is installed OR libtalloc1-32bit-3.4.3-1.50 is installed OR libtalloc2-3.6.3-0.33.39 is installed OR libtalloc2-32bit-3.6.3-0.33.39 is installed OR libtdb1-3.6.3-0.33.39 is installed OR libtdb1-32bit-3.6.3-0.33.39 is installed OR libtevent0-3.6.3-0.33.39 is installed OR libtevent0-32bit-3.6.3-0.33.39 is installed OR libwbclient0-3.6.3-0.33.39 is installed OR libwbclient0-32bit-3.6.3-0.33.39 is installed OR samba-3.6.3-0.33.39 is installed OR samba-32bit-3.6.3-0.33.39 is installed OR samba-client-3.6.3-0.33.39 is installed OR samba-client-32bit-3.6.3-0.33.39 is installed OR samba-doc-3.6.3-0.33.39 is installed OR samba-krb-printing-3.6.3-0.33.39 is installed OR samba-winbind-3.6.3-0.33.39 is installed OR samba-winbind-32bit-3.6.3-0.33.39 is installed
Definition Synopsis
SUSE Linux Enterprise Desktop 11 SP3 is installed AND Package Information emacs-22.3-4.42 is installed OR emacs-info-22.3-4.42 is installed OR emacs-x11-22.3-4.42 is installed
Definition Synopsis
SUSE Linux Enterprise Desktop 11 SP4 is installed AND dhcpcd-3.2.3-45.5 is installed
Definition Synopsis
SUSE Linux Enterprise Desktop 12 is installed AND Package Information DirectFB-1.7.1-4 is installed OR lib++dfb-1_7-1-1.7.1-4 is installed OR libdirectfb-1_7-1-1.7.1-4 is installed OR libdirectfb-1_7-1-32bit-1.7.1-4 is installed
Definition Synopsis
SUSE Linux Enterprise Desktop 12 SP1 is installed AND Package Information java-1_8_0-openjdk-1.8.0.101-14 is installed OR java-1_8_0-openjdk-headless-1.8.0.101-14 is installed
Definition Synopsis
SUSE Linux Enterprise Desktop 12 SP2 is installed AND xerces-j2-2.8.1-268.6 is installed
Definition Synopsis
SUSE Linux Enterprise Desktop 12 SP3 is installed AND Package Information libQt5Concurrent5-5.6.2-5 is installed OR libQt5Core5-5.6.2-5 is installed OR libQt5DBus5-5.6.2-5 is installed OR libQt5Gui5-5.6.2-5 is installed OR libQt5Network5-5.6.2-5 is installed OR libQt5OpenGL5-5.6.2-5 is installed OR libQt5PrintSupport5-5.6.2-5 is installed OR libQt5Sql5-5.6.2-5 is installed OR libQt5Sql5-mysql-5.6.2-5 is installed OR libQt5Sql5-postgresql-5.6.2-5 is installed OR libQt5Sql5-sqlite-5.6.2-5 is installed OR libQt5Sql5-unixODBC-5.6.2-5 is installed OR libQt5Test5-5.6.2-5 is installed OR libQt5Widgets5-5.6.2-5 is installed OR libQt5Xml5-5.6.2-5 is installed
Definition Synopsis
SUSE Linux Enterprise Desktop 12 SP4 is installed AND Package Information fuse-2.9.3-6.3 is installed OR libfuse2-2.9.3-6.3 is installed
Definition Synopsis
SUSE Linux Enterprise Server 12 SP1 is installed AND Package Information hplip-3.14.6-3 is installed OR hplip-hpijs-3.14.6-3 is installed OR hplip-sane-3.14.6-3 is installed
Definition Synopsis
SUSE Linux Enterprise Server 12 SP1-LTSS is installed AND Package Information kgraft-patch-3_12_74-60_64_57-default-2-2 is installed OR kgraft-patch-3_12_74-60_64_57-xen-2-2 is installed OR kgraft-patch-SLE12-SP1_Update_20-2-2 is installed
Definition Synopsis
SUSE Linux Enterprise Server 12 SP2 is installed AND Package Information cups-filters-1.0.58-13 is installed OR cups-filters-cups-browsed-1.0.58-13 is installed OR cups-filters-foomatic-rip-1.0.58-13 is installed OR cups-filters-ghostscript-1.0.58-13 is installed
Definition Synopsis
SUSE Linux Enterprise Server 12 SP2-BCL is installed AND Package Information apache2-2.4.23-29.27 is installed OR apache2-doc-2.4.23-29.27 is installed OR apache2-example-pages-2.4.23-29.27 is installed OR apache2-prefork-2.4.23-29.27 is installed OR apache2-utils-2.4.23-29.27 is installed OR apache2-worker-2.4.23-29.27 is installed
Definition Synopsis
SUSE Linux Enterprise Server 12 SP2-ESPOS is installed AND Package Information libwireshark9-2.4.10-48.32 is installed OR libwiretap7-2.4.10-48.32 is installed OR libwscodecs1-2.4.10-48.32 is installed OR libwsutil8-2.4.10-48.32 is installed OR wireshark-2.4.10-48.32 is installed OR wireshark-gtk-2.4.10-48.32 is installed
Definition Synopsis
SUSE Linux Enterprise Server 12 SP2-LTSS is installed AND Package Information kgraft-patch-4_4_121-92_114-default-4-2 is installed OR kgraft-patch-SLE12-SP2_Update_30-4-2 is installed
Definition Synopsis
SUSE Linux Enterprise Server 12 SP3 is installed AND Package Information MozillaFirefox-52.2.0esr-108 is installed OR MozillaFirefox-translations-52.2.0esr-108 is installed
Definition Synopsis
SUSE Linux Enterprise Server 12 SP3-BCL is installed AND Package Information libjpeg-turbo-1.5.3-31.19 is installed OR libjpeg62-62.2.0-31.19 is installed OR libjpeg62-32bit-62.2.0-31.19 is installed OR libjpeg62-turbo-1.5.3-31.19 is installed OR libjpeg8-8.1.2-31.19 is installed OR libjpeg8-32bit-8.1.2-31.19 is installed OR libturbojpeg0-8.1.2-31.19 is installed
Definition Synopsis
SUSE Linux Enterprise Server 12 SP3-ESPOS is installed AND Package Information libopenssl-devel-1.0.2j-60.55 is installed OR libopenssl1_0_0-1.0.2j-60.55 is installed OR libopenssl1_0_0-32bit-1.0.2j-60.55 is installed OR libopenssl1_0_0-hmac-1.0.2j-60.55 is installed OR libopenssl1_0_0-hmac-32bit-1.0.2j-60.55 is installed OR openssl-1.0.2j-60.55 is installed OR openssl-doc-1.0.2j-60.55 is installed
Definition Synopsis
SUSE Linux Enterprise Server 12 SP3-LTSS is installed AND Package Information kgraft-patch-4_4_178-94_91-default-5-2 is installed OR kgraft-patch-SLE12-SP3_Update_25-5-2 is installed
Definition Synopsis
SUSE Linux Enterprise Server 12 SP3-TERADATA is installed AND Package Information gnome-shell-search-provider-nautilus-3.20.3-23.6 is installed OR libnautilus-extension1-3.20.3-23.6 is installed OR nautilus-3.20.3-23.6 is installed OR nautilus-lang-3.20.3-23.6 is installed
Definition Synopsis
SUSE Linux Enterprise Server 12 SP4 is installed AND Package Information guestfs-data-1.32.4-21.3 is installed OR guestfs-tools-1.32.4-21.3 is installed OR guestfsd-1.32.4-21.3 is installed OR libguestfs0-1.32.4-21.3 is installed OR perl-Sys-Guestfs-1.32.4-21.3 is installed OR python-libguestfs-1.32.4-21.3 is installed OR virt-p2v-1.32.4-21.3 is installed OR virt-v2v-1.32.4-21.3 is installed
Definition Synopsis
SUSE Linux Enterprise Server 15-LTSS is installed AND Package Information tomcat-9.0.35-3.52 is installed OR tomcat-admin-webapps-9.0.35-3.52 is installed OR tomcat-el-3_0-api-9.0.35-3.52 is installed OR tomcat-jsp-2_3-api-9.0.35-3.52 is installed OR tomcat-lib-9.0.35-3.52 is installed OR tomcat-servlet-4_0-api-9.0.35-3.52 is installed OR tomcat-webapps-9.0.35-3.52 is installed
Definition Synopsis
SUSE OpenStack Cloud 6 is installed AND Package Information openstack-glance-11.0.2~a0~dev2-1 is installed OR python-glance-11.0.2~a0~dev2-1 is installed
Definition Synopsis
SUSE OpenStack Cloud 7 is installed AND Package Information MozillaFirefox-52.9.0esr-109.38 is installed OR MozillaFirefox-devel-52.9.0esr-109.38 is installed OR MozillaFirefox-translations-52.9.0esr-109.38 is installed
Definition Synopsis
SUSE OpenStack Cloud 8 is installed AND slf4j-1.7.12-3.3 is installed
Definition Synopsis
SUSE OpenStack Cloud Crowbar 8 is installed AND Package Information curl-7.37.0-37.43 is installed OR libcurl4-7.37.0-37.43 is installed OR libcurl4-32bit-7.37.0-37.43 is installed
Definition Synopsis
SUSE OpenStack Cloud Crowbar 9 is installed AND python-Django1-1.11.23-3.9 is installed

BACK