SUSE-SU-2021:0531-1

Published: 19 Feb 2021
Source: suse-cvrf

Description

Security update for tomcat

This update for tomcat fixes the following issues:

  • CVE-2021-24122: Fixed an information disclosure if resources are served from the NTFS file system (bsc#1180947).

Package list

Container containers/apache-tomcat:9-openjdk11
tomcat-9.0.36-3.21.1
tomcat-el-3_0-api-9.0.36-3.21.1
tomcat-jsp-2_3-api-9.0.36-3.21.1
tomcat-lib-9.0.36-3.21.1
tomcat-servlet-4_0-api-9.0.36-3.21.1
Container containers/apache-tomcat:9-openjdk17
tomcat-9.0.36-3.21.1
tomcat-el-3_0-api-9.0.36-3.21.1
tomcat-jsp-2_3-api-9.0.36-3.21.1
tomcat-lib-9.0.36-3.21.1
tomcat-servlet-4_0-api-9.0.36-3.21.1
Container containers/apache-tomcat:9-openjdk21
tomcat-9.0.36-3.21.1
tomcat-el-3_0-api-9.0.36-3.21.1
tomcat-jsp-2_3-api-9.0.36-3.21.1
tomcat-lib-9.0.36-3.21.1
tomcat-servlet-4_0-api-9.0.36-3.21.1
Container containers/apache-tomcat:9-openjdk8
tomcat-9.0.36-3.21.1
tomcat-el-3_0-api-9.0.36-3.21.1
tomcat-jsp-2_3-api-9.0.36-3.21.1
tomcat-lib-9.0.36-3.21.1
tomcat-servlet-4_0-api-9.0.36-3.21.1
Container suse/manager/5.0/x86_64/server:latest
tomcat-9.0.36-3.21.1
tomcat-el-3_0-api-9.0.36-3.21.1
tomcat-jsp-2_3-api-9.0.36-3.21.1
tomcat-lib-9.0.36-3.21.1
tomcat-servlet-4_0-api-9.0.36-3.21.1
Image SLES15-SP2-Manager-4-1-Server-BYOS-Azure
tomcat-9.0.36-3.21.1
tomcat-el-3_0-api-9.0.36-3.21.1
tomcat-jsp-2_3-api-9.0.36-3.21.1
tomcat-lib-9.0.36-3.21.1
tomcat-servlet-4_0-api-9.0.36-3.21.1
Image SLES15-SP2-Manager-4-1-Server-BYOS-EC2-HVM
tomcat-9.0.36-3.21.1
tomcat-el-3_0-api-9.0.36-3.21.1
tomcat-jsp-2_3-api-9.0.36-3.21.1
tomcat-lib-9.0.36-3.21.1
tomcat-servlet-4_0-api-9.0.36-3.21.1
Image SLES15-SP2-Manager-4-1-Server-BYOS-GCE
tomcat-9.0.36-3.21.1
tomcat-el-3_0-api-9.0.36-3.21.1
tomcat-jsp-2_3-api-9.0.36-3.21.1
tomcat-lib-9.0.36-3.21.1
tomcat-servlet-4_0-api-9.0.36-3.21.1
Image SLES15-SP3-Manager-4-2-Server-BYOS-Azure
tomcat-9.0.36-3.21.1
tomcat-el-3_0-api-9.0.36-3.21.1
tomcat-jsp-2_3-api-9.0.36-3.21.1
tomcat-lib-9.0.36-3.21.1
tomcat-servlet-4_0-api-9.0.36-3.21.1
Image SLES15-SP3-Manager-4-2-Server-BYOS-EC2-HVM
tomcat-9.0.36-3.21.1
tomcat-el-3_0-api-9.0.36-3.21.1
tomcat-jsp-2_3-api-9.0.36-3.21.1
tomcat-lib-9.0.36-3.21.1
tomcat-servlet-4_0-api-9.0.36-3.21.1
Image SLES15-SP3-Manager-4-2-Server-BYOS-GCE
tomcat-9.0.36-3.21.1
tomcat-el-3_0-api-9.0.36-3.21.1
tomcat-jsp-2_3-api-9.0.36-3.21.1
tomcat-lib-9.0.36-3.21.1
tomcat-servlet-4_0-api-9.0.36-3.21.1
Image SLES15-SP4-Manager-Server-4-3
tomcat-9.0.36-3.21.1
tomcat-el-3_0-api-9.0.36-3.21.1
tomcat-jsp-2_3-api-9.0.36-3.21.1
tomcat-lib-9.0.36-3.21.1
tomcat-servlet-4_0-api-9.0.36-3.21.1
Image SLES15-SP4-Manager-Server-4-3-Azure-llc
tomcat-9.0.36-3.21.1
tomcat-el-3_0-api-9.0.36-3.21.1
tomcat-jsp-2_3-api-9.0.36-3.21.1
tomcat-lib-9.0.36-3.21.1
tomcat-servlet-4_0-api-9.0.36-3.21.1
Image SLES15-SP4-Manager-Server-4-3-Azure-ltd
tomcat-9.0.36-3.21.1
tomcat-el-3_0-api-9.0.36-3.21.1
tomcat-jsp-2_3-api-9.0.36-3.21.1
tomcat-lib-9.0.36-3.21.1
tomcat-servlet-4_0-api-9.0.36-3.21.1
Image SLES15-SP4-Manager-Server-4-3-BYOS
tomcat-9.0.36-3.21.1
tomcat-el-3_0-api-9.0.36-3.21.1
tomcat-jsp-2_3-api-9.0.36-3.21.1
tomcat-lib-9.0.36-3.21.1
tomcat-servlet-4_0-api-9.0.36-3.21.1
Image SLES15-SP4-Manager-Server-4-3-BYOS-Azure
tomcat-9.0.36-3.21.1
tomcat-el-3_0-api-9.0.36-3.21.1
tomcat-jsp-2_3-api-9.0.36-3.21.1
tomcat-lib-9.0.36-3.21.1
tomcat-servlet-4_0-api-9.0.36-3.21.1
Image SLES15-SP4-Manager-Server-4-3-BYOS-EC2
tomcat-9.0.36-3.21.1
tomcat-el-3_0-api-9.0.36-3.21.1
tomcat-jsp-2_3-api-9.0.36-3.21.1
tomcat-lib-9.0.36-3.21.1
tomcat-servlet-4_0-api-9.0.36-3.21.1
Image SLES15-SP4-Manager-Server-4-3-BYOS-GCE
tomcat-9.0.36-3.21.1
tomcat-el-3_0-api-9.0.36-3.21.1
tomcat-jsp-2_3-api-9.0.36-3.21.1
tomcat-lib-9.0.36-3.21.1
tomcat-servlet-4_0-api-9.0.36-3.21.1
Image SLES15-SP4-Manager-Server-4-3-EC2-llc
tomcat-9.0.36-3.21.1
tomcat-el-3_0-api-9.0.36-3.21.1
tomcat-jsp-2_3-api-9.0.36-3.21.1
tomcat-lib-9.0.36-3.21.1
tomcat-servlet-4_0-api-9.0.36-3.21.1
Image SLES15-SP4-Manager-Server-4-3-EC2-ltd
tomcat-9.0.36-3.21.1
tomcat-el-3_0-api-9.0.36-3.21.1
tomcat-jsp-2_3-api-9.0.36-3.21.1
tomcat-lib-9.0.36-3.21.1
tomcat-servlet-4_0-api-9.0.36-3.21.1
Image server-image
tomcat-9.0.36-3.21.1
tomcat-el-3_0-api-9.0.36-3.21.1
tomcat-jsp-2_3-api-9.0.36-3.21.1
tomcat-lib-9.0.36-3.21.1
tomcat-servlet-4_0-api-9.0.36-3.21.1
Image tomcat_15_6
tomcat-9.0.36-3.21.1
tomcat-el-3_0-api-9.0.36-3.21.1
tomcat-jsp-2_3-api-9.0.36-3.21.1
tomcat-lib-9.0.36-3.21.1
tomcat-servlet-4_0-api-9.0.36-3.21.1
SUSE Linux Enterprise Module for Web and Scripting 15 SP2
tomcat-9.0.36-3.21.1
tomcat-admin-webapps-9.0.36-3.21.1
tomcat-el-3_0-api-9.0.36-3.21.1
tomcat-jsp-2_3-api-9.0.36-3.21.1
tomcat-lib-9.0.36-3.21.1
tomcat-servlet-4_0-api-9.0.36-3.21.1
tomcat-webapps-9.0.36-3.21.1

Description

When serving resources from a network location using the NTFS file system, Apache Tomcat versions 10.0.0-M1 to 10.0.0-M9, 9.0.0.M1 to 9.0.39, 8.5.0 to 8.5.59 and 7.0.0 to 7.0.106 were susceptible to JSP source code disclosure in some configurations. The root cause was the unexpected behaviour of the JRE API File.getCanonicalPath() which in turn was caused by the inconsistent behaviour of the Windows API (FindFirstFileW) in some circumstances.


Affected products
Container containers/apache-tomcat:9-openjdk11:tomcat-9.0.36-3.21.1
Container containers/apache-tomcat:9-openjdk11:tomcat-el-3_0-api-9.0.36-3.21.1
Container containers/apache-tomcat:9-openjdk11:tomcat-jsp-2_3-api-9.0.36-3.21.1
Container containers/apache-tomcat:9-openjdk11:tomcat-lib-9.0.36-3.21.1

References