Oval Definition:	oval:org.opensuse.security:def:64013
Revision Date: 2020-12-01 Version: 1 Title: Security update for tomcat (Important) Description: This update for tomcat to version 9.0.31 fixes the following issues: Security issues fixed: - CVE-2019-10072: Fixed a denial-of-service that could have been caused by clients omitting WINDOW_UPDATE messages in HTTP/2 streams (bsc#1139924). - CVE-2019-12418: Fixed a local privilege escalation by manipulating the RMI registry (bsc#1159723). - CVE-2019-17563: Fixed a session fixation attack when using FORM authentication (bsc#1159729). - CVE-2019-17569: Fixed a regression in the handling of Transfer-Encoding headers that would have allowed HTTP Request Smuggling (bsc#1164825). - CVE-2020-1935: Fixed an HTTP Request Smuggling issue (bsc#1164860). - CVE-2020-1938: Fixed a file contents disclosure vulnerability (bsc#1164692). Family: unix Class: patch Status: Reference(s): 1013708 1013712 1013893 1015171 1104841 1129528 1137990 1139924 1143532 1149429 1151186 1153423 1153869 1154738 1159723 1159729 1164692 1164825 1164860 1165548 1170446 1173594 1173998 1174157 1175239 1178387 CVE-2016-9797 CVE-2016-9798 CVE-2016-9802 CVE-2016-9917 CVE-2019-10072 CVE-2019-11757 CVE-2019-11758 CVE-2019-11759 CVE-2019-11760 CVE-2019-11761 CVE-2019-11762 CVE-2019-11763 CVE-2019-11764 CVE-2019-12418 CVE-2019-14318 CVE-2019-15903 CVE-2019-17563 CVE-2019-17569 CVE-2020-13753 CVE-2020-14363 CVE-2020-14577 CVE-2020-14578 CVE-2020-14579 CVE-2020-14581 CVE-2020-14583 CVE-2020-14593 CVE-2020-14621 CVE-2020-1935 CVE-2020-1938 CVE-2020-25692 CVE-2020-8695 CVE-2020-8698 CVE-2020-9802 CVE-2020-9803 CVE-2020-9805 CVE-2020-9806 CVE-2020-9807 CVE-2020-9843 CVE-2020-9850 openSUSE-SU-2019:1476-1 openSUSE-SU-2019:1968-1 openSUSE-SU-2019:2451-1 openSUSE-SU-2020:0836-1 openSUSE-SU-2020:1368-1 SUSE-SU-2020:0632-1 SUSE-SU-2020:2861-1 Platform(s): openSUSE Leap 15.1 openSUSE Leap 15.2 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server 12 SP4-ESPOS SUSE Linux Enterprise Server 12 SP4-LTSS Product(s): Definition Synopsis openSUSE Leap 15.1 is installed AND Package Information bluez-5.48-lp151.8.3 is installed OR bluez-auto-enable-devices-5.48-lp151.8.3 is installed OR bluez-cups-5.48-lp151.8.3 is installed OR bluez-devel-5.48-lp151.8.3 is installed OR bluez-devel-32bit-5.48-lp151.8.3 is installed OR bluez-test-5.48-lp151.8.3 is installed OR libbluetooth3-5.48-lp151.8.3 is installed OR libbluetooth3-32bit-5.48-lp151.8.3 is installed Definition Synopsis openSUSE Leap 15.2 is installed AND ucode-intel-20201027-lp152.2.4 is installed Definition Synopsis SUSE Linux Enterprise Server 12 SP4 is installed AND Package Information tomcat-9.0.31-3.25 is installed OR tomcat-admin-webapps-9.0.31-3.25 is installed OR tomcat-docs-webapp-9.0.31-3.25 is installed OR tomcat-el-3_0-api-9.0.31-3.25 is installed OR tomcat-javadoc-9.0.31-3.25 is installed OR tomcat-jsp-2_3-api-9.0.31-3.25 is installed OR tomcat-lib-9.0.31-3.25 is installed OR tomcat-servlet-4_0-api-9.0.31-3.25 is installed OR tomcat-webapps-9.0.31-3.25 is installed Definition Synopsis SUSE Linux Enterprise Server 12 SP4-ESPOS is installed AND Package Information libldap-2_4-2-2.4.41-18.77 is installed OR libldap-2_4-2-32bit-2.4.41-18.77 is installed OR openldap2-2.4.41-18.77 is installed OR openldap2-back-meta-2.4.41-18.77 is installed OR openldap2-client-2.4.41-18.77 is installed OR openldap2-doc-2.4.41-18.77 is installed OR openldap2-ppolicy-check-password-1.2-18.77 is installed Definition Synopsis SUSE Linux Enterprise Server 12 SP4-LTSS is installed AND Package Information java-1_7_0-openjdk-1.7.0.271-43.41 is installed OR java-1_7_0-openjdk-demo-1.7.0.271-43.41 is installed OR java-1_7_0-openjdk-devel-1.7.0.271-43.41 is installed OR java-1_7_0-openjdk-headless-1.7.0.271-43.41 is installed
BACK