SUSE-SU-2022:0784-1

Published: 09 Mar 2022
Source: suse-cvrf

Description

Security update for tomcat

This update for tomcat fixes the following issues:

Security issues fixed:

  • CVE-2022-23181: Fixed time of check, time of use vulnerability that allowed local privilege escalation. (bsc#1195255)

  • Remove log4j dependency, which is currently directly in use (bsc#1196137)

  • Make the package RPM conflict even more specific to conflict with java-openjdk-headless >= 9 (bsc#1196091)

Package list

HPE Helion OpenStack 8
javapackages-filesystem-5.3.1-14.5.1
Image SLES12-SP4-SAP-Azure-BYOS
javapackages-filesystem-5.3.1-14.5.1
javapackages-tools-5.3.1-14.5.1
Image SLES12-SP4-SAP-Azure-LI-BYOS-Production
javapackages-filesystem-5.3.1-14.5.1
javapackages-tools-5.3.1-14.5.1
Image SLES12-SP4-SAP-Azure-VLI-BYOS-Production
javapackages-filesystem-5.3.1-14.5.1
javapackages-tools-5.3.1-14.5.1
Image SLES12-SP5-Azure-SAP-BYOS
javapackages-filesystem-5.3.1-14.5.1
javapackages-tools-5.3.1-14.5.1
Image SLES12-SP5-Azure-SAP-On-Demand
javapackages-filesystem-5.3.1-14.5.1
javapackages-tools-5.3.1-14.5.1
Image SLES12-SP5-EC2-SAP-BYOS
javapackages-filesystem-5.3.1-14.5.1
javapackages-tools-5.3.1-14.5.1
Image SLES12-SP5-EC2-SAP-On-Demand
javapackages-filesystem-5.3.1-14.5.1
javapackages-tools-5.3.1-14.5.1
Image SLES12-SP5-GCE-SAP-BYOS
javapackages-filesystem-5.3.1-14.5.1
javapackages-tools-5.3.1-14.5.1
Image SLES12-SP5-GCE-SAP-On-Demand
javapackages-filesystem-5.3.1-14.5.1
javapackages-tools-5.3.1-14.5.1
Image SLES12-SP5-SAP-Azure-LI-BYOS-Production
javapackages-filesystem-5.3.1-14.5.1
javapackages-tools-5.3.1-14.5.1
Image SLES12-SP5-SAP-Azure-VLI-BYOS-Production
javapackages-filesystem-5.3.1-14.5.1
javapackages-tools-5.3.1-14.5.1
SUSE Linux Enterprise Server 12 SP4-LTSS
javapackages-filesystem-5.3.1-14.5.1
tomcat-9.0.36-3.84.1
tomcat-admin-webapps-9.0.36-3.84.1
tomcat-docs-webapp-9.0.36-3.84.1
tomcat-el-3_0-api-9.0.36-3.84.1
tomcat-javadoc-9.0.36-3.84.1
tomcat-jsp-2_3-api-9.0.36-3.84.1
tomcat-lib-9.0.36-3.84.1
tomcat-servlet-4_0-api-9.0.36-3.84.1
tomcat-webapps-9.0.36-3.84.1
SUSE Linux Enterprise Server 12 SP5
javapackages-filesystem-5.3.1-14.5.1
tomcat-9.0.36-3.84.1
tomcat-admin-webapps-9.0.36-3.84.1
tomcat-docs-webapp-9.0.36-3.84.1
tomcat-el-3_0-api-9.0.36-3.84.1
tomcat-javadoc-9.0.36-3.84.1
tomcat-jsp-2_3-api-9.0.36-3.84.1
tomcat-lib-9.0.36-3.84.1
tomcat-servlet-4_0-api-9.0.36-3.84.1
tomcat-webapps-9.0.36-3.84.1
SUSE Linux Enterprise Server for SAP Applications 12 SP4
javapackages-filesystem-5.3.1-14.5.1
tomcat-9.0.36-3.84.1
tomcat-admin-webapps-9.0.36-3.84.1
tomcat-docs-webapp-9.0.36-3.84.1
tomcat-el-3_0-api-9.0.36-3.84.1
tomcat-javadoc-9.0.36-3.84.1
tomcat-jsp-2_3-api-9.0.36-3.84.1
tomcat-lib-9.0.36-3.84.1
tomcat-servlet-4_0-api-9.0.36-3.84.1
tomcat-webapps-9.0.36-3.84.1
SUSE Linux Enterprise Server for SAP Applications 12 SP5
javapackages-filesystem-5.3.1-14.5.1
tomcat-9.0.36-3.84.1
tomcat-admin-webapps-9.0.36-3.84.1
tomcat-docs-webapp-9.0.36-3.84.1
tomcat-el-3_0-api-9.0.36-3.84.1
tomcat-javadoc-9.0.36-3.84.1
tomcat-jsp-2_3-api-9.0.36-3.84.1
tomcat-lib-9.0.36-3.84.1
tomcat-servlet-4_0-api-9.0.36-3.84.1
tomcat-webapps-9.0.36-3.84.1
SUSE Linux Enterprise Software Development Kit 12 SP5
javapackages-filesystem-5.3.1-14.5.1
SUSE OpenStack Cloud 8
javapackages-filesystem-5.3.1-14.5.1
SUSE OpenStack Cloud 9
javapackages-filesystem-5.3.1-14.5.1
tomcat-9.0.36-3.84.1
tomcat-admin-webapps-9.0.36-3.84.1
tomcat-docs-webapp-9.0.36-3.84.1
tomcat-el-3_0-api-9.0.36-3.84.1
tomcat-javadoc-9.0.36-3.84.1
tomcat-jsp-2_3-api-9.0.36-3.84.1
tomcat-lib-9.0.36-3.84.1
tomcat-servlet-4_0-api-9.0.36-3.84.1
tomcat-webapps-9.0.36-3.84.1
SUSE OpenStack Cloud Crowbar 8
javapackages-filesystem-5.3.1-14.5.1
SUSE OpenStack Cloud Crowbar 9
javapackages-filesystem-5.3.1-14.5.1
tomcat-9.0.36-3.84.1
tomcat-admin-webapps-9.0.36-3.84.1
tomcat-docs-webapp-9.0.36-3.84.1
tomcat-el-3_0-api-9.0.36-3.84.1
tomcat-javadoc-9.0.36-3.84.1
tomcat-jsp-2_3-api-9.0.36-3.84.1
tomcat-lib-9.0.36-3.84.1
tomcat-servlet-4_0-api-9.0.36-3.84.1
tomcat-webapps-9.0.36-3.84.1

Description

The fix for bug CVE-2020-9484 introduced a time of check, time of use vulnerability into Apache Tomcat 10.1.0-M1 to 10.1.0-M8, 10.0.0-M5 to 10.0.14, 9.0.35 to 9.0.56 and 8.5.55 to 8.5.73 that allowed a local attacker to perform actions with the privileges of the user that the Tomcat process is using. This issue is only exploitable when Tomcat is configured to persist sessions using the FileStore.
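
The two exposure conditions stated above (an upstream Tomcat version inside the listed ranges, and session persistence through the FileStore) can be checked together. The following is an added example, not code from the advisory or from Apache Tomcat; the function names and the sample context.xml contents are constructed for illustration, and the version argument is assumed to be the upstream Tomcat version, not a distribution package string.

```python
import re
import xml.etree.ElementTree as ET

FILESTORE = "org.apache.catalina.session.FileStore"

# Upstream version ranges quoted in the description above (inclusive).
AFFECTED = [("10.1.0-M1", "10.1.0-M8"), ("10.0.0-M5", "10.0.14"),
            ("9.0.35", "9.0.56"), ("8.5.55", "8.5.73")]

# Constructed sample: a context.xml that persists sessions with the FileStore.
SAMPLE_CONTEXT = """<Context>
  <Manager className="org.apache.catalina.session.PersistentManager">
    <Store className="org.apache.catalina.session.FileStore" directory="sessions"/>
  </Manager>
</Context>"""

# Constructed sample: a context.xml with no persistent session store.
DEFAULT_CONTEXT = "<Context><WatchedResource>WEB-INF/web.xml</WatchedResource></Context>"


def version_key(version):
    """Sortable key; milestone builds (-M<n>) order before the final release."""
    m = re.fullmatch(r"(\d+)\.(\d+)\.(\d+)(?:-M(\d+))?", version)
    if not m:
        raise ValueError(f"not an upstream Tomcat version: {version!r}")
    major, minor, patch, milestone = m.groups()
    suffix = (0, int(milestone)) if milestone else (1, 0)
    return (int(major), int(minor), int(patch)) + suffix


def in_affected_range(version):
    """True if the upstream version falls inside one of the listed ranges."""
    key = version_key(version)
    return any(version_key(lo) <= key <= version_key(hi) for lo, hi in AFFECTED)


def uses_filestore(xml_text):
    """True if any <Store> element in context.xml/server.xml selects FileStore."""
    root = ET.fromstring(xml_text)
    return any(el.get("className") == FILESTORE for el in root.iter("Store"))


def exposed(version, xml_text):
    """Both conditions from the description must hold."""
    return in_affected_range(version) and uses_filestore(xml_text)


if __name__ == "__main__":
    print(exposed("9.0.36", SAMPLE_CONTEXT), exposed("9.0.36", DEFAULT_CONTEXT))
```

The fixed SUSE package in this advisory is tomcat-9.0.36-3.84.1, whose upstream version still lies inside the 9.0.35 to 9.0.56 range, so on SUSE systems compare the installed package release against the package list rather than relying on the upstream version number.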


Affected products
HPE Helion OpenStack 8:javapackages-filesystem-5.3.1-14.5.1
Image SLES12-SP4-SAP-Azure-BYOS:javapackages-filesystem-5.3.1-14.5.1
Image SLES12-SP4-SAP-Azure-BYOS:javapackages-tools-5.3.1-14.5.1
Image SLES12-SP4-SAP-Azure-LI-BYOS-Production:javapackages-filesystem-5.3.1-14.5.1

References