Описание
Security update for tomcat
This update for tomcat fixes the following issues:
- CVE-2021-43980: Improve the recycling of Processor objects to make it more robust. (bsc#1203868)
Список пакетов
SUSE Linux Enterprise Server 12 SP5
tomcat-9.0.36-3.90.1
tomcat-admin-webapps-9.0.36-3.90.1
tomcat-docs-webapp-9.0.36-3.90.1
tomcat-el-3_0-api-9.0.36-3.90.1
tomcat-javadoc-9.0.36-3.90.1
tomcat-jsp-2_3-api-9.0.36-3.90.1
tomcat-lib-9.0.36-3.90.1
tomcat-servlet-4_0-api-9.0.36-3.90.1
tomcat-webapps-9.0.36-3.90.1
SUSE Linux Enterprise Server for SAP Applications 12 SP5
tomcat-9.0.36-3.90.1
tomcat-admin-webapps-9.0.36-3.90.1
tomcat-docs-webapp-9.0.36-3.90.1
tomcat-el-3_0-api-9.0.36-3.90.1
tomcat-javadoc-9.0.36-3.90.1
tomcat-jsp-2_3-api-9.0.36-3.90.1
tomcat-lib-9.0.36-3.90.1
tomcat-servlet-4_0-api-9.0.36-3.90.1
tomcat-webapps-9.0.36-3.90.1
Ссылки
- Link for SUSE-SU-2022:4009-1
- E-Mail link for SUSE-SU-2022:4009-1
- SUSE Security Ratings
- SUSE Bug 1203868
- SUSE CVE CVE-2021-43980 page
Описание
The simplified implementation of blocking reads and writes introduced in Tomcat 10 and back-ported to Tomcat 9.0.47 onwards exposed a long standing (but extremely hard to trigger) concurrency bug in Apache Tomcat 10.1.0 to 10.1.0-M12, 10.0.0-M1 to 10.0.18, 9.0.0-M1 to 9.0.60 and 8.5.0 to 8.5.77 that could cause client connections to share an Http11Processor instance resulting in responses, or part responses, to be received by the wrong client.
Затронутые продукты
SUSE Linux Enterprise Server 12 SP5:tomcat-9.0.36-3.90.1
SUSE Linux Enterprise Server 12 SP5:tomcat-admin-webapps-9.0.36-3.90.1
SUSE Linux Enterprise Server 12 SP5:tomcat-docs-webapp-9.0.36-3.90.1
SUSE Linux Enterprise Server 12 SP5:tomcat-el-3_0-api-9.0.36-3.90.1
Ссылки
- CVE-2021-43980
- SUSE Bug 1203868