SUSE-SU-2023:0697-1

Опубликовано: 10 мар. 2023

Источник: suse-cvrf

Описание

Security update for tomcat

This update for tomcat fixes the following issues:

CVE-2023-24998: Fixed FileUpload DoS with excessive parts (bsc#1208513).

Список пакетов

SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS

tomcat-9.0.36-150100.4.87.1

tomcat-admin-webapps-9.0.36-150100.4.87.1

tomcat-el-3_0-api-9.0.36-150100.4.87.1

tomcat-jsp-2_3-api-9.0.36-150100.4.87.1

tomcat-lib-9.0.36-150100.4.87.1

tomcat-servlet-4_0-api-9.0.36-150100.4.87.1

tomcat-webapps-9.0.36-150100.4.87.1

SUSE Linux Enterprise Server 15 SP1-LTSS

tomcat-9.0.36-150100.4.87.1

tomcat-admin-webapps-9.0.36-150100.4.87.1

tomcat-el-3_0-api-9.0.36-150100.4.87.1

tomcat-jsp-2_3-api-9.0.36-150100.4.87.1

tomcat-lib-9.0.36-150100.4.87.1

tomcat-servlet-4_0-api-9.0.36-150100.4.87.1

tomcat-webapps-9.0.36-150100.4.87.1

SUSE Linux Enterprise Server for SAP Applications 15 SP1

tomcat-9.0.36-150100.4.87.1

tomcat-admin-webapps-9.0.36-150100.4.87.1

tomcat-el-3_0-api-9.0.36-150100.4.87.1

tomcat-jsp-2_3-api-9.0.36-150100.4.87.1

tomcat-lib-9.0.36-150100.4.87.1

tomcat-servlet-4_0-api-9.0.36-150100.4.87.1

tomcat-webapps-9.0.36-150100.4.87.1

Ссылки

https://www.suse.com/support/update/announcement/2023/suse-su-20230697-1/
Link for SUSE-SU-2023:0697-1
https://lists.suse.com/pipermail/sle-security-updates/2023-March/014017.html
E-Mail link for SUSE-SU-2023:0697-1
https://www.suse.com/support/security/rating/
SUSE Security Ratings
https://bugzilla.suse.com/1208513
SUSE Bug 1208513
https://www.suse.com/security/cve/CVE-2023-24998/
SUSE CVE CVE-2023-24998 page

Описание

Apache Commons FileUpload before 1.5 does not limit the number of request parts to be processed resulting in the possibility of an attacker triggering a DoS with a malicious upload or series of uploads. Note that, like all of the file upload limits, the new configuration option (FileUploadBase#setFileCountMax) is not enabled by default and must be explicitly configured.

Затронутые продукты

SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:tomcat-9.0.36-150100.4.87.1

SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:tomcat-admin-webapps-9.0.36-150100.4.87.1

SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:tomcat-el-3_0-api-9.0.36-150100.4.87.1

SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:tomcat-jsp-2_3-api-9.0.36-150100.4.87.1

Ссылки

https://www.suse.com/security/cve/CVE-2023-24998.html
CVE-2023-24998
https://bugzilla.suse.com/1208513
SUSE Bug 1208513
https://bugzilla.suse.com/1210310
SUSE Bug 1210310
https://bugzilla.suse.com/1211608
SUSE Bug 1211608
https://bugzilla.suse.com/1228313
SUSE Bug 1228313

SUSE-SU-2023:0697-1

Описание

Список пакетов

SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS

SUSE Linux Enterprise Server 15 SP1-LTSS

SUSE Linux Enterprise Server for SAP Applications 15 SP1

Ссылки

Уязвимость: CVE-2023-24998

Описание

Затронутые продукты

Ссылки