SUSE-SU-2024:0208-1

Опубликовано: 24 янв. 2024

Источник: suse-cvrf

Описание

Security update for tomcat10

This update for tomcat10 fixes the following issues:

Updated to Tomcat 10.1.18

CVE-2023-46589: Fixed HTTP request smuggling due to incorrect headers parsing (bsc#1217649)

Find the full release notes at:

https://tomcat.apache.org/tomcat-9.0-doc/changelog.html

Список пакетов

Container containers/apache-tomcat:10.1-openjdk11

tomcat10-10.1.18-150200.5.8.1

tomcat10-el-5_0-api-10.1.18-150200.5.8.1

tomcat10-jsp-3_1-api-10.1.18-150200.5.8.1

tomcat10-lib-10.1.18-150200.5.8.1

tomcat10-servlet-6_0-api-10.1.18-150200.5.8.1

Container containers/apache-tomcat:10.1-openjdk17

tomcat10-10.1.18-150200.5.8.1

tomcat10-el-5_0-api-10.1.18-150200.5.8.1

tomcat10-jsp-3_1-api-10.1.18-150200.5.8.1

tomcat10-lib-10.1.18-150200.5.8.1

tomcat10-servlet-6_0-api-10.1.18-150200.5.8.1

Container containers/apache-tomcat:10.1-openjdk21

tomcat10-10.1.18-150200.5.8.1

tomcat10-el-5_0-api-10.1.18-150200.5.8.1

tomcat10-jsp-3_1-api-10.1.18-150200.5.8.1

tomcat10-lib-10.1.18-150200.5.8.1

tomcat10-servlet-6_0-api-10.1.18-150200.5.8.1

SUSE Linux Enterprise Module for Web and Scripting 15 SP5

tomcat10-10.1.18-150200.5.8.1

tomcat10-admin-webapps-10.1.18-150200.5.8.1

tomcat10-el-5_0-api-10.1.18-150200.5.8.1

tomcat10-jsp-3_1-api-10.1.18-150200.5.8.1

tomcat10-lib-10.1.18-150200.5.8.1

tomcat10-servlet-6_0-api-10.1.18-150200.5.8.1

tomcat10-webapps-10.1.18-150200.5.8.1

openSUSE Leap 15.5

tomcat10-10.1.18-150200.5.8.1

tomcat10-admin-webapps-10.1.18-150200.5.8.1

tomcat10-docs-webapp-10.1.18-150200.5.8.1

tomcat10-el-5_0-api-10.1.18-150200.5.8.1

tomcat10-embed-10.1.18-150200.5.8.1

tomcat10-jsp-3_1-api-10.1.18-150200.5.8.1

tomcat10-jsvc-10.1.18-150200.5.8.1

tomcat10-lib-10.1.18-150200.5.8.1

tomcat10-servlet-6_0-api-10.1.18-150200.5.8.1

tomcat10-webapps-10.1.18-150200.5.8.1

Ссылки

https://www.suse.com/support/update/announcement/2024/suse-su-20240208-1/
Link for SUSE-SU-2024:0208-1
https://lists.suse.com/pipermail/sle-security-updates/2024-January/017751.html
E-Mail link for SUSE-SU-2024:0208-1
https://www.suse.com/support/security/rating/
SUSE Security Ratings
https://bugzilla.suse.com/1217649
SUSE Bug 1217649
https://www.suse.com/security/cve/CVE-2023-46589/
SUSE CVE CVE-2023-46589 page

Описание

Improper Input Validation vulnerability in Apache Tomcat.Tomcat from 11.0.0-M1 through 11.0.0-M10, from 10.1.0-M1 through 10.1.15, from 9.0.0-M1 through 9.0.82 and from 8.5.0 through 8.5.95 did not correctly parse HTTP trailer headers. A trailer header that exceeded the header size limit could cause Tomcat to treat a single request as multiple requests leading to the possibility of request smuggling when behind a reverse proxy. Users are recommended to upgrade to version 11.0.0-M11 onwards, 10.1.16 onwards, 9.0.83 onwards or 8.5.96 onwards, which fix the issue.

Затронутые продукты

Container containers/apache-tomcat:10.1-openjdk11:tomcat10-10.1.18-150200.5.8.1

Container containers/apache-tomcat:10.1-openjdk11:tomcat10-el-5_0-api-10.1.18-150200.5.8.1

Container containers/apache-tomcat:10.1-openjdk11:tomcat10-jsp-3_1-api-10.1.18-150200.5.8.1

Container containers/apache-tomcat:10.1-openjdk11:tomcat10-lib-10.1.18-150200.5.8.1

Ссылки

https://www.suse.com/security/cve/CVE-2023-46589.html
CVE-2023-46589
https://bugzilla.suse.com/1217649
SUSE Bug 1217649

SUSE-SU-2024:0208-1

Описание

Список пакетов

Container containers/apache-tomcat:10.1-openjdk11

Container containers/apache-tomcat:10.1-openjdk17

Container containers/apache-tomcat:10.1-openjdk21

SUSE Linux Enterprise Module for Web and Scripting 15 SP5

openSUSE Leap 15.5

Ссылки

Уязвимость: CVE-2023-46589

Описание

Затронутые продукты

Ссылки