Description
Security update for tomcat
This update for tomcat fixes the following issues:
- CVE-2022-45143: Fixed JsonErrorReportValve injection (bsc#1206840).
Package list
Container containers/apache-tomcat:9-openjdk11
tomcat-9.0.43-150200.38.1
tomcat-el-3_0-api-9.0.43-150200.38.1
tomcat-jsp-2_3-api-9.0.43-150200.38.1
tomcat-lib-9.0.43-150200.38.1
tomcat-servlet-4_0-api-9.0.43-150200.38.1
Container containers/apache-tomcat:9-openjdk17
tomcat-9.0.43-150200.38.1
tomcat-el-3_0-api-9.0.43-150200.38.1
tomcat-jsp-2_3-api-9.0.43-150200.38.1
tomcat-lib-9.0.43-150200.38.1
tomcat-servlet-4_0-api-9.0.43-150200.38.1
Container containers/apache-tomcat:9-openjdk21
tomcat-9.0.43-150200.38.1
tomcat-el-3_0-api-9.0.43-150200.38.1
tomcat-jsp-2_3-api-9.0.43-150200.38.1
tomcat-lib-9.0.43-150200.38.1
tomcat-servlet-4_0-api-9.0.43-150200.38.1
Container containers/apache-tomcat:9-openjdk8
tomcat-9.0.43-150200.38.1
tomcat-el-3_0-api-9.0.43-150200.38.1
tomcat-jsp-2_3-api-9.0.43-150200.38.1
tomcat-lib-9.0.43-150200.38.1
tomcat-servlet-4_0-api-9.0.43-150200.38.1
Container suse/manager/5.0/x86_64/server:latest
tomcat-9.0.43-150200.38.1
tomcat-el-3_0-api-9.0.43-150200.38.1
tomcat-jsp-2_3-api-9.0.43-150200.38.1
tomcat-lib-9.0.43-150200.38.1
tomcat-servlet-4_0-api-9.0.43-150200.38.1
Image SLES15-SP3-Manager-4-2-Server-BYOS-Azure
tomcat-9.0.43-150200.38.1
tomcat-el-3_0-api-9.0.43-150200.38.1
tomcat-jsp-2_3-api-9.0.43-150200.38.1
tomcat-lib-9.0.43-150200.38.1
tomcat-servlet-4_0-api-9.0.43-150200.38.1
Image SLES15-SP3-Manager-4-2-Server-BYOS-EC2-HVM
tomcat-9.0.43-150200.38.1
tomcat-el-3_0-api-9.0.43-150200.38.1
tomcat-jsp-2_3-api-9.0.43-150200.38.1
tomcat-lib-9.0.43-150200.38.1
tomcat-servlet-4_0-api-9.0.43-150200.38.1
Image SLES15-SP3-Manager-4-2-Server-BYOS-GCE
tomcat-9.0.43-150200.38.1
tomcat-el-3_0-api-9.0.43-150200.38.1
tomcat-jsp-2_3-api-9.0.43-150200.38.1
tomcat-lib-9.0.43-150200.38.1
tomcat-servlet-4_0-api-9.0.43-150200.38.1
Image SLES15-SP4-Manager-Server-4-3
tomcat-9.0.43-150200.38.1
tomcat-el-3_0-api-9.0.43-150200.38.1
tomcat-jsp-2_3-api-9.0.43-150200.38.1
tomcat-lib-9.0.43-150200.38.1
tomcat-servlet-4_0-api-9.0.43-150200.38.1
Image SLES15-SP4-Manager-Server-4-3-Azure-llc
tomcat-9.0.43-150200.38.1
tomcat-el-3_0-api-9.0.43-150200.38.1
tomcat-jsp-2_3-api-9.0.43-150200.38.1
tomcat-lib-9.0.43-150200.38.1
tomcat-servlet-4_0-api-9.0.43-150200.38.1
Image SLES15-SP4-Manager-Server-4-3-Azure-ltd
tomcat-9.0.43-150200.38.1
tomcat-el-3_0-api-9.0.43-150200.38.1
tomcat-jsp-2_3-api-9.0.43-150200.38.1
tomcat-lib-9.0.43-150200.38.1
tomcat-servlet-4_0-api-9.0.43-150200.38.1
Image SLES15-SP4-Manager-Server-4-3-BYOS
tomcat-9.0.43-150200.38.1
tomcat-el-3_0-api-9.0.43-150200.38.1
tomcat-jsp-2_3-api-9.0.43-150200.38.1
tomcat-lib-9.0.43-150200.38.1
tomcat-servlet-4_0-api-9.0.43-150200.38.1
Image SLES15-SP4-Manager-Server-4-3-BYOS-Azure
tomcat-9.0.43-150200.38.1
tomcat-el-3_0-api-9.0.43-150200.38.1
tomcat-jsp-2_3-api-9.0.43-150200.38.1
tomcat-lib-9.0.43-150200.38.1
tomcat-servlet-4_0-api-9.0.43-150200.38.1
Image SLES15-SP4-Manager-Server-4-3-BYOS-EC2
tomcat-9.0.43-150200.38.1
tomcat-el-3_0-api-9.0.43-150200.38.1
tomcat-jsp-2_3-api-9.0.43-150200.38.1
tomcat-lib-9.0.43-150200.38.1
tomcat-servlet-4_0-api-9.0.43-150200.38.1
Image SLES15-SP4-Manager-Server-4-3-BYOS-GCE
tomcat-9.0.43-150200.38.1
tomcat-el-3_0-api-9.0.43-150200.38.1
tomcat-jsp-2_3-api-9.0.43-150200.38.1
tomcat-lib-9.0.43-150200.38.1
tomcat-servlet-4_0-api-9.0.43-150200.38.1
Image SLES15-SP4-Manager-Server-4-3-EC2-llc
tomcat-9.0.43-150200.38.1
tomcat-el-3_0-api-9.0.43-150200.38.1
tomcat-jsp-2_3-api-9.0.43-150200.38.1
tomcat-lib-9.0.43-150200.38.1
tomcat-servlet-4_0-api-9.0.43-150200.38.1
Image SLES15-SP4-Manager-Server-4-3-EC2-ltd
tomcat-9.0.43-150200.38.1
tomcat-el-3_0-api-9.0.43-150200.38.1
tomcat-jsp-2_3-api-9.0.43-150200.38.1
tomcat-lib-9.0.43-150200.38.1
tomcat-servlet-4_0-api-9.0.43-150200.38.1
Image server-image
tomcat-9.0.43-150200.38.1
tomcat-el-3_0-api-9.0.43-150200.38.1
tomcat-jsp-2_3-api-9.0.43-150200.38.1
tomcat-lib-9.0.43-150200.38.1
tomcat-servlet-4_0-api-9.0.43-150200.38.1
Image tomcat_15_6
tomcat-9.0.43-150200.38.1
tomcat-el-3_0-api-9.0.43-150200.38.1
tomcat-jsp-2_3-api-9.0.43-150200.38.1
tomcat-lib-9.0.43-150200.38.1
tomcat-servlet-4_0-api-9.0.43-150200.38.1
SUSE Enterprise Storage 7
tomcat-9.0.43-150200.38.1
tomcat-admin-webapps-9.0.43-150200.38.1
tomcat-el-3_0-api-9.0.43-150200.38.1
tomcat-jsp-2_3-api-9.0.43-150200.38.1
tomcat-lib-9.0.43-150200.38.1
tomcat-servlet-4_0-api-9.0.43-150200.38.1
tomcat-webapps-9.0.43-150200.38.1
SUSE Enterprise Storage 7.1
tomcat-9.0.43-150200.38.1
tomcat-admin-webapps-9.0.43-150200.38.1
tomcat-el-3_0-api-9.0.43-150200.38.1
tomcat-jsp-2_3-api-9.0.43-150200.38.1
tomcat-lib-9.0.43-150200.38.1
tomcat-servlet-4_0-api-9.0.43-150200.38.1
tomcat-webapps-9.0.43-150200.38.1
SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS
tomcat-9.0.43-150200.38.1
tomcat-admin-webapps-9.0.43-150200.38.1
tomcat-el-3_0-api-9.0.43-150200.38.1
tomcat-jsp-2_3-api-9.0.43-150200.38.1
tomcat-lib-9.0.43-150200.38.1
tomcat-servlet-4_0-api-9.0.43-150200.38.1
tomcat-webapps-9.0.43-150200.38.1
SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS
tomcat-9.0.43-150200.38.1
tomcat-admin-webapps-9.0.43-150200.38.1
tomcat-el-3_0-api-9.0.43-150200.38.1
tomcat-jsp-2_3-api-9.0.43-150200.38.1
tomcat-lib-9.0.43-150200.38.1
tomcat-servlet-4_0-api-9.0.43-150200.38.1
tomcat-webapps-9.0.43-150200.38.1
SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS
tomcat-9.0.43-150200.38.1
tomcat-admin-webapps-9.0.43-150200.38.1
tomcat-el-3_0-api-9.0.43-150200.38.1
tomcat-jsp-2_3-api-9.0.43-150200.38.1
tomcat-lib-9.0.43-150200.38.1
tomcat-servlet-4_0-api-9.0.43-150200.38.1
tomcat-webapps-9.0.43-150200.38.1
SUSE Linux Enterprise Module for Web and Scripting 15 SP4
tomcat-9.0.43-150200.38.1
tomcat-admin-webapps-9.0.43-150200.38.1
tomcat-el-3_0-api-9.0.43-150200.38.1
tomcat-jsp-2_3-api-9.0.43-150200.38.1
tomcat-lib-9.0.43-150200.38.1
tomcat-servlet-4_0-api-9.0.43-150200.38.1
tomcat-webapps-9.0.43-150200.38.1
SUSE Linux Enterprise Server 15 SP2-LTSS
tomcat-9.0.43-150200.38.1
tomcat-admin-webapps-9.0.43-150200.38.1
tomcat-el-3_0-api-9.0.43-150200.38.1
tomcat-jsp-2_3-api-9.0.43-150200.38.1
tomcat-lib-9.0.43-150200.38.1
tomcat-servlet-4_0-api-9.0.43-150200.38.1
tomcat-webapps-9.0.43-150200.38.1
SUSE Linux Enterprise Server 15 SP3-LTSS
tomcat-9.0.43-150200.38.1
tomcat-admin-webapps-9.0.43-150200.38.1
tomcat-el-3_0-api-9.0.43-150200.38.1
tomcat-jsp-2_3-api-9.0.43-150200.38.1
tomcat-lib-9.0.43-150200.38.1
tomcat-servlet-4_0-api-9.0.43-150200.38.1
tomcat-webapps-9.0.43-150200.38.1
SUSE Linux Enterprise Server for SAP Applications 15 SP2
tomcat-9.0.43-150200.38.1
tomcat-admin-webapps-9.0.43-150200.38.1
tomcat-el-3_0-api-9.0.43-150200.38.1
tomcat-jsp-2_3-api-9.0.43-150200.38.1
tomcat-lib-9.0.43-150200.38.1
tomcat-servlet-4_0-api-9.0.43-150200.38.1
tomcat-webapps-9.0.43-150200.38.1
SUSE Linux Enterprise Server for SAP Applications 15 SP3
tomcat-9.0.43-150200.38.1
tomcat-admin-webapps-9.0.43-150200.38.1
tomcat-el-3_0-api-9.0.43-150200.38.1
tomcat-jsp-2_3-api-9.0.43-150200.38.1
tomcat-lib-9.0.43-150200.38.1
tomcat-servlet-4_0-api-9.0.43-150200.38.1
tomcat-webapps-9.0.43-150200.38.1
SUSE Manager Server 4.2
tomcat-9.0.43-150200.38.1
tomcat-admin-webapps-9.0.43-150200.38.1
tomcat-el-3_0-api-9.0.43-150200.38.1
tomcat-jsp-2_3-api-9.0.43-150200.38.1
tomcat-lib-9.0.43-150200.38.1
tomcat-servlet-4_0-api-9.0.43-150200.38.1
tomcat-webapps-9.0.43-150200.38.1
openSUSE Leap 15.4
tomcat-9.0.43-150200.38.1
tomcat-admin-webapps-9.0.43-150200.38.1
tomcat-docs-webapp-9.0.43-150200.38.1
tomcat-el-3_0-api-9.0.43-150200.38.1
tomcat-embed-9.0.43-150200.38.1
tomcat-javadoc-9.0.43-150200.38.1
tomcat-jsp-2_3-api-9.0.43-150200.38.1
tomcat-jsvc-9.0.43-150200.38.1
tomcat-lib-9.0.43-150200.38.1
tomcat-servlet-4_0-api-9.0.43-150200.38.1
tomcat-webapps-9.0.43-150200.38.1
Links
- Link for SUSE-SU-2023:1853-1
- E-Mail link for SUSE-SU-2023:1853-1
- SUSE Security Ratings
- SUSE Bug 1206840
- SUSE CVE CVE-2022-45143 page
Description
The JsonErrorReportValve in Apache Tomcat 8.5.83, 9.0.40 to 9.0.68 and 10.1.0-M1 to 10.1.1 did not escape the type, message or description values. In some circumstances these are constructed from user provided data and it was therefore possible for users to supply values that invalidated or manipulated the JSON output.
Affected products
Container containers/apache-tomcat:9-openjdk11:tomcat-9.0.43-150200.38.1
Container containers/apache-tomcat:9-openjdk11:tomcat-el-3_0-api-9.0.43-150200.38.1
Container containers/apache-tomcat:9-openjdk11:tomcat-jsp-2_3-api-9.0.43-150200.38.1
Container containers/apache-tomcat:9-openjdk11:tomcat-lib-9.0.43-150200.38.1
Links
- CVE-2022-45143
- SUSE Bug 1206840