Oval Definition:	oval:org.opensuse.security:def:70329
Revision Date: 2021-01-07 Version: 1 Title: Security update for tomcat (Moderate) Description: This update for tomcat fixes the following issues: Security issues fixed: - CVE-2020-13943: Fixed a HTTP/2 Request mix-up (bsc#1177582). - CVE-2020-17527: Fixed a HTTP/2 request header mix-up (bsc#1179602). Non-security issue fixed: - Removed tomcat-9.0.init and /usr/lib/tmpfiles.d/tomcat.conf from package. They're not used anymore becuse of systemd (bsc#1178396). - Fixed 'tomcat-servlet-4_0-api' package alternatives to use and keep a symlink for compatibility (bsc#1092163). - Don't give write permissions for the tomcat group on files and directories where it's not needed (bsc#1172562). Family: unix Class: patch Status: Reference(s): 1092163 1172562 1177582 1178396 1178666 1178667 1178668 1179602 CVE-2017-16899 CVE-2018-16140 CVE-2020-13943 CVE-2020-17527 CVE-2020-25694 CVE-2020-25695 CVE-2020-25696 SUSE-SU-2020:3463-1 SUSE-SU-2021:0040-1 Platform(s): SUSE Linux Enterprise Module for Basesystem 15 SP2 SUSE Linux Enterprise Server for SAP Applications 15 SUSE Linux Enterprise Workstation Extension 15 SP2 Product(s): Definition Synopsis SUSE Linux Enterprise Module for Basesystem 15 SP2 is installed AND Package Information libpq5-12.5-8.10 is installed OR libpq5-32bit-12.5-8.10 is installed OR postgresql12-12.5-8.10 is installed Definition Synopsis SUSE Linux Enterprise Server for SAP Applications 15 is installed AND Package Information tomcat-9.0.36-3.74.1 is installed OR tomcat-admin-webapps-9.0.36-3.74.1 is installed OR tomcat-el-3_0-api-9.0.36-3.74.1 is installed OR tomcat-jsp-2_3-api-9.0.36-3.74.1 is installed OR tomcat-lib-9.0.36-3.74.1 is installed OR tomcat-servlet-4_0-api-9.0.36-3.74.1 is installed OR tomcat-webapps-9.0.36-3.74.1 is installed Definition Synopsis SUSE Linux Enterprise Workstation Extension 15 SP2 is installed AND transfig-3.2.6a-4.6 is installed
BACK