Oval Definition:	oval:org.opensuse.security:def:5564
Revision Date: 2020-12-02 Version: 1 Title: Security update for tomcat (Moderate) Description: This update for tomcat to version 9.0.31 fixes the following issues: Security issues fixed: - CVE-2019-17569: Fixed a regression in the handling of Transfer-Encoding headers that would have allowed HTTP Request Smuggling (bsc#1164825). - CVE-2020-1935: Fixed an HTTP Request Smuggling issue (bsc#1164860). - CVE-2020-1938: Fixed a file contents disclosure vulnerability (bsc#1164692). Family: unix Class: patch Status: Reference(s): 1050549 1051510 1052904 1053043 1055117 1055121 1061840 1065600 1065729 1070872 1082555 1083647 1085535 1085536 1088804 1094244 1097583 1097584 1097585 1097586 1097587 1097588 1100132 1103259 1111331 1112128 1112178 1113399 1113722 1114279 1114542 1114638 1119086 1119680 1120318 1120902 1122767 1123105 1125342 1126221 1126356 1126704 1126740 1127175 1127371 1127372 1127374 1127378 1127445 1128415 1128544 1129276 1129770 1130130 1130154 1130195 1130335 1130336 1130337 1130338 1130425 1130427 1130518 1130527 1130567 1131062 1131107 1131167 1131168 1131169 1131170 1131171 1131172 1131173 1131174 1131175 1131176 1131177 1131178 1131179 1131180 1131290 1131335 1131336 1131416 1131427 1131442 1131467 1131574 1131587 1131659 1131673 1131847 1131848 1131851 1131900 1131934 1131935 1132083 1132219 1132226 1132227 1132365 1132368 1132369 1132370 1132372 1132373 1132384 1132397 1132402 1132403 1132404 1132405 1132407 1132411 1132412 1132413 1132414 1132426 1132527 1132531 1132555 1132558 1132561 1132562 1132563 1132564 1132570 1132571 1132572 1132589 1132618 1132681 1132726 1132828 1132943 1133005 1133094 1133095 1133115 1133149 1133486 1133529 1133584 1133667 1133668 1133672 1133674 1133675 1133698 1133702 1133731 1133769 1133772 1133774 1133778 1133779 1133780 1133825 1133850 1133851 1133852 1164692 1164825 1164860 CVE-2006-0855 CVE-2007-1669 CVE-2010-4000 CVE-2011-1145 CVE-2011-2483 CVE-2012-0247 CVE-2012-0248 CVE-2012-0862 CVE-2012-1185 CVE-2012-1186 CVE-2013-4143 CVE-2013-4342 CVE-2014-0172 CVE-2014-2653 CVE-2014-3970 CVE-2014-8137 CVE-2014-8138 CVE-2014-8157 CVE-2014-8158 CVE-2014-8169 CVE-2014-8354 CVE-2014-8355 CVE-2014-8562 CVE-2014-8716 CVE-2014-9029 CVE-2014-9447 CVE-2014-9805 CVE-2014-9806 CVE-2014-9807 CVE-2014-9808 CVE-2014-9809 CVE-2014-9810 CVE-2014-9811 CVE-2014-9812 CVE-2014-9813 CVE-2014-9814 CVE-2014-9815 CVE-2014-9816 CVE-2014-9817 CVE-2014-9818 CVE-2014-9819 CVE-2014-9820 CVE-2014-9821 CVE-2014-9822 CVE-2014-9823 CVE-2014-9824 CVE-2014-9825 CVE-2014-9826 CVE-2014-9828 CVE-2014-9829 CVE-2014-9830 CVE-2014-9831 CVE-2014-9832 CVE-2014-9833 CVE-2014-9834 CVE-2014-9835 CVE-2014-9836 CVE-2014-9837 CVE-2014-9838 CVE-2014-9839 CVE-2014-9840 CVE-2014-9841 CVE-2014-9842 CVE-2014-9843 CVE-2014-9844 CVE-2014-9845 CVE-2014-9846 CVE-2014-9847 CVE-2014-9848 CVE-2014-9849 CVE-2014-9850 CVE-2014-9851 CVE-2014-9852 CVE-2014-9853 CVE-2014-9854 CVE-2015-5352 CVE-2015-5600 CVE-2015-6563 CVE-2015-6564 CVE-2015-8325 CVE-2015-8894 CVE-2015-8895 CVE-2015-8896 CVE-2015-8897 CVE-2015-8898 CVE-2015-8900 CVE-2015-8901 CVE-2015-8902 CVE-2015-8903 CVE-2016-0777 CVE-2016-0778 CVE-2016-1908 CVE-2016-3115 CVE-2016-3698 CVE-2016-3714 CVE-2016-3715 CVE-2016-3716 CVE-2016-3717 CVE-2016-3718 CVE-2016-4562 CVE-2016-4563 CVE-2016-4564 CVE-2016-5010 CVE-2016-5118 CVE-2016-5687 CVE-2016-5688 CVE-2016-5689 CVE-2016-5690 CVE-2016-5691 CVE-2016-5841 CVE-2016-5842 CVE-2016-6210 CVE-2016-6491 CVE-2016-6515 CVE-2016-6520 CVE-2018-12126 CVE-2018-12127 CVE-2018-12130 CVE-2018-16880 CVE-2019-11091 CVE-2019-17569 CVE-2019-3882 CVE-2019-9003 CVE-2019-9500 CVE-2019-9503 CVE-2020-1935 CVE-2020-1938 SUSE-SU-2020:0598-1 Platform(s): openSUSE 13.1 openSUSE 13.1 NonFree SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Desktop 11 SP4 SUSE Linux Enterprise Desktop 12 SUSE Linux Enterprise Desktop 12 SP1 SUSE Linux Enterprise Desktop 12 SP2 SUSE Linux Enterprise Desktop 12 SP3 SUSE Linux Enterprise Desktop 12 SP4 SUSE Linux Enterprise for SAP 12 SUSE Linux Enterprise for SAP 12 SP1 SUSE Linux Enterprise High Availability 12 SP4 SUSE Linux Enterprise High Performance Computing 12 SP5 SUSE Linux Enterprise Module for Containers 12 SUSE Linux Enterprise Module for Legacy Software 12 SUSE Linux Enterprise Module for Public Cloud 12 SUSE Linux Enterprise Module for Toolchain 12 SUSE Linux Enterprise Module for Web Scripting 12 SUSE Linux Enterprise Point of Sale 12 SP2 SUSE Linux Enterprise Real Time Extension 12 SP1 SUSE Linux Enterprise Server 11 SUSE Linux Enterprise Server 11 SP2 SUSE Linux Enterprise Server 11 SP2-LTSS SUSE Linux Enterprise Server 11 SP3 SUSE Linux Enterprise Server 11 SP3-LTSS SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server 12 SUSE Linux Enterprise Server 12 SP1 SUSE Linux Enterprise Server 12 SP2 SUSE Linux Enterprise Server 12 SP3 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server 12-LTSS SUSE Linux Enterprise Server for Raspberry Pi 12 SP2 SUSE Linux Enterprise Server for SAP Applications 12 SP1 SUSE Linux Enterprise Server for SAP Applications 15 SUSE Linux Enterprise Server for VMWare 11 SP2 SUSE Linux Enterprise Software Development Kit 11 SP2 SUSE Linux Enterprise Software Development Kit 11 SP4 SUSE Linux Enterprise Software Development Kit 12 SUSE Linux Enterprise Software Development Kit 12 SP1 SUSE Linux Enterprise Software Development Kit 12 SP3 SUSE Linux Enterprise Software Development Kit 12 SP4 SUSE Linux Enterprise Workstation Extension 12 SUSE Linux Enterprise Workstation Extension 12 SP1 SUSE Linux Enterprise Workstation Extension 12 SP2 SUSE Linux Enterprise Workstation Extension 12 SP3 SUSE Linux Enterprise Workstation Extension 15 SUSE OpenStack Cloud 5 Product(s): Definition Synopsis SUSE Linux Enterprise Desktop 11 SP4 is installed AND Package Information kernel-default-3.0.101-68.1 is installed OR kernel-default-base-3.0.101-68.1 is installed OR kernel-default-devel-3.0.101-68.1 is installed OR kernel-default-extra-3.0.101-68.1 is installed OR kernel-pae-3.0.101-68.1 is installed OR kernel-pae-base-3.0.101-68.1 is installed OR kernel-pae-devel-3.0.101-68.1 is installed OR kernel-pae-extra-3.0.101-68.1 is installed OR kernel-source-3.0.101-68.1 is installed OR kernel-syms-3.0.101-68.1 is installed OR kernel-trace-3.0.101-68.1 is installed OR kernel-trace-devel-3.0.101-68.1 is installed OR kernel-xen-3.0.101-68.1 is installed OR kernel-xen-base-3.0.101-68.1 is installed OR kernel-xen-devel-3.0.101-68.1 is installed OR kernel-xen-extra-3.0.101-68.1 is installed Definition Synopsis SUSE Linux Enterprise Desktop 12 SP1 is installed AND Package Information unixODBC-2.3.1-4 is installed OR unixODBC-32bit-2.3.1-4 is installed Definition Synopsis SUSE Linux Enterprise Desktop 12 SP2 is installed AND Package Information ImageMagick-6.8.8.1-33 is installed OR libMagick++-6_Q16-3-6.8.8.1-33 is installed OR libMagickCore-6_Q16-1-6.8.8.1-33 is installed OR libMagickCore-6_Q16-1-32bit-6.8.8.1-33 is installed OR libMagickWand-6_Q16-1-6.8.8.1-33 is installed Definition Synopsis SUSE Linux Enterprise Desktop 12 SP3 is installed AND cifs-utils-6.5-8 is installed Definition Synopsis SUSE Linux Enterprise Desktop 12 SP4 is installed AND Package Information DirectFB-1.7.1-6 is installed OR lib++dfb-1_7-1-1.7.1-6 is installed OR libdirectfb-1_7-1-1.7.1-6 is installed OR libdirectfb-1_7-1-32bit-1.7.1-6 is installed Definition Synopsis SUSE Linux Enterprise for SAP 12 is installed AND Package Information kgraft-patch-3_12_60-52_49-default-2-2.2 is installed OR kgraft-patch-3_12_60-52_49-xen-2-2.2 is installed OR kgraft-patch-SLE12_Update_14-2-2.2 is installed Definition Synopsis SUSE Linux Enterprise for SAP 12 SP1 is installed AND Package Information MozillaFirefox-52.2.0esr-108.3 is installed OR MozillaFirefox-branding-SLE-52-31.1 is installed OR MozillaFirefox-devel-52.2.0esr-108.3 is installed OR MozillaFirefox-translations-52.2.0esr-108.3 is installed Definition Synopsis SUSE Linux Enterprise High Availability 12 SP4 is installed AND Package Information libpacemaker3-1.1.19+20180928.0d2680780-1 is installed OR pacemaker-1.1.19+20180928.0d2680780-1 is installed OR pacemaker-cli-1.1.19+20180928.0d2680780-1 is installed OR pacemaker-cts-1.1.19+20180928.0d2680780-1 is installed OR pacemaker-remote-1.1.19+20180928.0d2680780-1 is installed Definition Synopsis SUSE Linux Enterprise High Performance Computing 12 SP5 is installed AND Package Information fetchmail-6.3.26-12 is installed OR fetchmailconf-6.3.26-12 is installed Definition Synopsis SUSE Linux Enterprise Module for Containers 12 is installed AND docker-1.6.2-31 is installed Definition Synopsis SUSE Linux Enterprise Module for Legacy Software 12 is installed AND Package Information cups154-1.5.4-2 is installed OR cups154-client-1.5.4-2 is installed OR cups154-filters-1.5.4-2 is installed OR cups154-libs-1.5.4-2 is installed Definition Synopsis SUSE Linux Enterprise Module for Public Cloud 12 is installed AND Package Information kernel-ec2-3.12.39-47 is installed OR kernel-ec2-devel-3.12.39-47 is installed OR kernel-ec2-extra-3.12.39-47 is installed Definition Synopsis SUSE Linux Enterprise Module for Toolchain 12 is installed AND Package Information cpp5-5.3.1+r233831-9.1 is installed OR gcc5-5.3.1+r233831-9.1 is installed OR gcc5-32bit-5.3.1+r233831-9.1 is installed OR gcc5-ada-5.3.1+r233831-9.1 is installed OR gcc5-ada-32bit-5.3.1+r233831-9.1 is installed OR gcc5-c++-5.3.1+r233831-9.1 is installed OR gcc5-c++-32bit-5.3.1+r233831-9.1 is installed OR gcc5-fortran-5.3.1+r233831-9.1 is installed OR gcc5-fortran-32bit-5.3.1+r233831-9.1 is installed OR gcc5-info-5.3.1+r233831-9.1 is installed OR gcc5-locale-5.3.1+r233831-9.1 is installed OR libada5-5.3.1+r233831-9.1 is installed OR libada5-32bit-5.3.1+r233831-9.1 is installed OR libffi-devel-gcc5-5.3.1+r233831-9.1 is installed OR libffi-devel-gcc5-32bit-5.3.1+r233831-9.1 is installed OR libffi-gcc5-5.3.1+r233831-9.1 is installed OR libstdc++6-devel-gcc5-5.3.1+r233831-9.1 is installed OR libstdc++6-devel-gcc5-32bit-5.3.1+r233831-9.1 is installed Definition Synopsis SUSE Linux Enterprise Module for Web Scripting 12 is installed AND Package Information apache2-mod_php5-5.5.14-22.1 is installed OR php5-5.5.14-22.1 is installed OR php5-bcmath-5.5.14-22.1 is installed OR php5-bz2-5.5.14-22.1 is installed OR php5-calendar-5.5.14-22.1 is installed OR php5-ctype-5.5.14-22.1 is installed OR php5-curl-5.5.14-22.1 is installed OR php5-dba-5.5.14-22.1 is installed OR php5-dom-5.5.14-22.1 is installed OR php5-enchant-5.5.14-22.1 is installed OR php5-exif-5.5.14-22.1 is installed OR php5-fastcgi-5.5.14-22.1 is installed OR php5-fileinfo-5.5.14-22.1 is installed OR php5-fpm-5.5.14-22.1 is installed OR php5-ftp-5.5.14-22.1 is installed OR php5-gd-5.5.14-22.1 is installed OR php5-gettext-5.5.14-22.1 is installed OR php5-gmp-5.5.14-22.1 is installed OR php5-iconv-5.5.14-22.1 is installed OR php5-intl-5.5.14-22.1 is installed OR php5-json-5.5.14-22.1 is installed OR php5-ldap-5.5.14-22.1 is installed OR php5-mbstring-5.5.14-22.1 is installed OR php5-mcrypt-5.5.14-22.1 is installed OR php5-mysql-5.5.14-22.1 is installed OR php5-odbc-5.5.14-22.1 is installed OR php5-openssl-5.5.14-22.1 is installed OR php5-pcntl-5.5.14-22.1 is installed OR php5-pdo-5.5.14-22.1 is installed OR php5-pear-5.5.14-22.1 is installed OR php5-pgsql-5.5.14-22.1 is installed OR php5-pspell-5.5.14-22.1 is installed OR php5-shmop-5.5.14-22.1 is installed OR php5-snmp-5.5.14-22.1 is installed OR php5-soap-5.5.14-22.1 is installed OR php5-sockets-5.5.14-22.1 is installed OR php5-sqlite-5.5.14-22.1 is installed OR php5-suhosin-5.5.14-22.1 is installed OR php5-sysvmsg-5.5.14-22.1 is installed OR php5-sysvsem-5.5.14-22.1 is installed OR php5-sysvshm-5.5.14-22.1 is installed OR php5-tokenizer-5.5.14-22.1 is installed OR php5-wddx-5.5.14-22.1 is installed OR php5-xmlreader-5.5.14-22.1 is installed OR php5-xmlrpc-5.5.14-22.1 is installed OR php5-xmlwriter-5.5.14-22.1 is installed OR php5-xsl-5.5.14-22.1 is installed OR php5-zip-5.5.14-22.1 is installed OR php5-zlib-5.5.14-22.1 is installed Definition Synopsis SUSE Linux Enterprise Point of Sale 12 SP2 is installed AND python-pycrypto-2.6.1-10.3.1 is installed Definition Synopsis SUSE Linux Enterprise Real Time Extension 12 SP1 is installed AND Package Information kernel-compute-3.12.58-14.1 is installed OR kernel-compute-base-3.12.58-14.1 is installed OR kernel-compute-devel-3.12.58-14.1 is installed OR kernel-compute_debug-3.12.58-14.1 is installed OR kernel-compute_debug-devel-3.12.58-14.1 is installed OR kernel-devel-rt-3.12.58-14.1 is installed OR kernel-rt-3.12.58-14.1 is installed OR kernel-rt-base-3.12.58-14.1 is installed OR kernel-rt-devel-3.12.58-14.1 is installed OR kernel-rt_debug-3.12.58-14.1 is installed OR kernel-rt_debug-devel-3.12.58-14.1 is installed OR kernel-source-rt-3.12.58-14.1 is installed OR kernel-syms-rt-3.12.58-14.1 is installed Definition Synopsis SUSE Linux Enterprise Server 11 is installed AND Package Information NetworkManager-0.7.0.r4359-15.9.2 is installed OR NetworkManager-glib-0.7.0.r4359-15.9.2 is installed Definition Synopsis Release Information SUSE Linux Enterprise Server 11 SP2 is installed AND Mesa-7.11.2-0.9.1 is installed OR Mesa-32bit-7.11.2-0.9.1 is installed OR Mesa-x86-7.11.2-0.9.1 is installed OR Package Information SUSE Linux Enterprise Server for VMWare 11 SP2 is installed AND Mesa-7.11.2-0.9.1 is installed OR Mesa-32bit-7.11.2-0.9.1 is installed OR Mesa-x86-7.11.2-0.9.1 is installed Definition Synopsis SUSE Linux Enterprise Server 11 SP2 is installed AND Package Information avahi-0.6.23-11.19.22 is installed OR avahi-lang-0.6.23-11.19.22 is installed OR avahi-utils-0.6.23-11.19.22 is installed OR libavahi-client3-0.6.23-11.19.22 is installed OR libavahi-client3-32bit-0.6.23-11.19.22 is installed OR libavahi-client3-x86-0.6.23-11.19.22 is installed OR libavahi-common3-0.6.23-11.19.22 is installed OR libavahi-common3-32bit-0.6.23-11.19.22 is installed OR libavahi-common3-x86-0.6.23-11.19.22 is installed OR libavahi-core5-0.6.23-11.19.22 is installed OR libdns_sd-0.6.23-11.19.22 is installed OR libdns_sd-32bit-0.6.23-11.19.22 is installed OR libdns_sd-x86-0.6.23-11.19.22 is installed Definition Synopsis SUSE Linux Enterprise Server 11 SP3 is installed AND cifs-utils-5.1-0.11.1 is installed Definition Synopsis SUSE Linux Enterprise Server 11 SP4 is installed AND LibVNCServer-0.9.1-154.24 is installed Definition Synopsis SUSE Linux Enterprise Server 12 is installed AND Package Information apache-commons-daemon-1.0.15-4 is installed OR apache-commons-daemon-javadoc-1.0.15-4 is installed Definition Synopsis SUSE Linux Enterprise Server 12 SP1 is installed AND apache-commons-httpclient-3.1-4 is installed Definition Synopsis SUSE Linux Enterprise Server 12 SP2 is installed AND ant-1.9.4-1 is installed Definition Synopsis SUSE Linux Enterprise Server 12 SP3 is installed AND wpa_supplicant-2.2-14 is installed Definition Synopsis SUSE Linux Enterprise Server 12 SP4 is installed AND Package Information augeas-1.2.0-17.3 is installed OR augeas-lenses-1.2.0-17.3 is installed OR libaugeas0-1.2.0-17.3 is installed Definition Synopsis SUSE Linux Enterprise Server 12-LTSS is installed AND Package Information kgraft-patch-3_12_60-52_49-default-2-2.2 is installed OR kgraft-patch-3_12_60-52_49-xen-2-2.2 is installed OR kgraft-patch-SLE12_Update_14-2-2.2 is installed Definition Synopsis SUSE Linux Enterprise Server for Raspberry Pi 12 SP2 is installed AND Package Information aaa_base-13.2+git20140911.61c1681-28 is installed OR aaa_base-extras-13.2+git20140911.61c1681-28 is installed Definition Synopsis SUSE Linux Enterprise Server for SAP Applications 12 SP1 is installed AND Package Information java-1_8_0-openjdk-1.8.0.151-27.8 is installed OR java-1_8_0-openjdk-demo-1.8.0.151-27.8 is installed OR java-1_8_0-openjdk-devel-1.8.0.151-27.8 is installed OR java-1_8_0-openjdk-headless-1.8.0.151-27.8 is installed Definition Synopsis SUSE Linux Enterprise Server for SAP Applications 15 is installed AND Package Information tomcat-9.0.31-3.42 is installed OR tomcat-admin-webapps-9.0.31-3.42 is installed OR tomcat-el-3_0-api-9.0.31-3.42 is installed OR tomcat-jsp-2_3-api-9.0.31-3.42 is installed OR tomcat-lib-9.0.31-3.42 is installed OR tomcat-servlet-4_0-api-9.0.31-3.42 is installed OR tomcat-webapps-9.0.31-3.42 is installed Definition Synopsis SUSE Linux Enterprise Software Development Kit 11 SP2 is installed AND Package Information php53-devel-5.3.8-0.43.1 is installed OR php53-imap-5.3.8-0.43.1 is installed OR php53-posix-5.3.8-0.43.1 is installed OR php53-readline-5.3.8-0.43.1 is installed OR php53-sockets-5.3.8-0.43.1 is installed OR php53-sqlite-5.3.8-0.43.1 is installed OR php53-tidy-5.3.8-0.43.1 is installed Definition Synopsis SUSE Linux Enterprise Software Development Kit 11 SP4 is installed AND libproxy-devel-0.3.1-2.6.1 is installed Definition Synopsis SUSE Linux Enterprise Software Development Kit 12 is installed AND alsa-devel-1.0.27.2-11 is installed Definition Synopsis SUSE Linux Enterprise Software Development Kit 12 SP1 is installed AND dia-0.97.2-13 is installed Definition Synopsis SUSE Linux Enterprise Software Development Kit 12 SP3 is installed AND udisks2-devel-2.1.3-1 is installed Definition Synopsis SUSE Linux Enterprise Software Development Kit 12 SP4 is installed AND Package Information FastCGI-2.4.0-168 is installed OR FastCGI-devel-2.4.0-168 is installed OR perl-FastCGI-2.4.0-168 is installed Definition Synopsis SUSE Linux Enterprise Workstation Extension 12 is installed AND argyllcms-1.6.3-1 is installed Definition Synopsis SUSE Linux Enterprise Workstation Extension 12 SP1 is installed AND libssh4-0.6.3-8 is installed Definition Synopsis SUSE Linux Enterprise Workstation Extension 12 SP2 is installed AND Package Information gcc48-gij-4.8.5-30 is installed OR gcc48-gij-32bit-4.8.5-30 is installed OR libgcj48-4.8.5-30 is installed OR libgcj48-32bit-4.8.5-30 is installed OR libgcj48-jar-4.8.5-30 is installed OR libgcj_bc1-4.8.5-30 is installed Definition Synopsis SUSE Linux Enterprise Workstation Extension 12 SP3 is installed AND argyllcms-1.6.3-3 is installed Definition Synopsis SUSE Linux Enterprise Workstation Extension 15 is installed AND Package Information kernel-default-4.12.14-150.17 is installed OR kernel-default-extra-4.12.14-150.17 is installed
BACK