SUSE-SU-2024:0473-1

Опубликовано: 14 фев. 2024

Источник: suse-cvrf

Описание

Security update for tomcat10

This update for tomcat10 fixes the following issues:

CVE-2024-22029: Fixed escalation to root from tomcat user via %post script. (bsc#1219208)

Список пакетов

Container containers/apache-tomcat:10.1-openjdk11

tomcat10-10.1.18-150200.5.11.1

tomcat10-el-5_0-api-10.1.18-150200.5.11.1

tomcat10-jsp-3_1-api-10.1.18-150200.5.11.1

tomcat10-lib-10.1.18-150200.5.11.1

tomcat10-servlet-6_0-api-10.1.18-150200.5.11.1

Container containers/apache-tomcat:10.1-openjdk17

tomcat10-10.1.18-150200.5.11.1

tomcat10-el-5_0-api-10.1.18-150200.5.11.1

tomcat10-jsp-3_1-api-10.1.18-150200.5.11.1

tomcat10-lib-10.1.18-150200.5.11.1

tomcat10-servlet-6_0-api-10.1.18-150200.5.11.1

Container containers/apache-tomcat:10.1-openjdk21

tomcat10-10.1.18-150200.5.11.1

tomcat10-el-5_0-api-10.1.18-150200.5.11.1

tomcat10-jsp-3_1-api-10.1.18-150200.5.11.1

tomcat10-lib-10.1.18-150200.5.11.1

tomcat10-servlet-6_0-api-10.1.18-150200.5.11.1

SUSE Linux Enterprise Module for Web and Scripting 15 SP5

tomcat10-10.1.18-150200.5.11.1

tomcat10-admin-webapps-10.1.18-150200.5.11.1

tomcat10-el-5_0-api-10.1.18-150200.5.11.1

tomcat10-jsp-3_1-api-10.1.18-150200.5.11.1

tomcat10-lib-10.1.18-150200.5.11.1

tomcat10-servlet-6_0-api-10.1.18-150200.5.11.1

tomcat10-webapps-10.1.18-150200.5.11.1

openSUSE Leap 15.5

tomcat10-10.1.18-150200.5.11.1

tomcat10-admin-webapps-10.1.18-150200.5.11.1

tomcat10-docs-webapp-10.1.18-150200.5.11.1

tomcat10-el-5_0-api-10.1.18-150200.5.11.1

tomcat10-embed-10.1.18-150200.5.11.1

tomcat10-jsp-3_1-api-10.1.18-150200.5.11.1

tomcat10-jsvc-10.1.18-150200.5.11.1

tomcat10-lib-10.1.18-150200.5.11.1

tomcat10-servlet-6_0-api-10.1.18-150200.5.11.1

tomcat10-webapps-10.1.18-150200.5.11.1

Ссылки

https://www.suse.com/support/update/announcement/2024/suse-su-20240473-1/
Link for SUSE-SU-2024:0473-1
https://lists.suse.com/pipermail/sle-security-updates/2024-February/017912.html
E-Mail link for SUSE-SU-2024:0473-1
https://www.suse.com/support/security/rating/
SUSE Security Ratings
https://bugzilla.suse.com/1219208
SUSE Bug 1219208
https://www.suse.com/security/cve/CVE-2024-22029/
SUSE CVE CVE-2024-22029 page

Описание

Insecure permissions in the packaging of tomcat allow local users that win a race during package installation to escalate to root

Затронутые продукты

Container containers/apache-tomcat:10.1-openjdk11:tomcat10-10.1.18-150200.5.11.1

Container containers/apache-tomcat:10.1-openjdk11:tomcat10-el-5_0-api-10.1.18-150200.5.11.1

Container containers/apache-tomcat:10.1-openjdk11:tomcat10-jsp-3_1-api-10.1.18-150200.5.11.1

Container containers/apache-tomcat:10.1-openjdk11:tomcat10-lib-10.1.18-150200.5.11.1

Ссылки

https://www.suse.com/security/cve/CVE-2024-22029.html
CVE-2024-22029
https://bugzilla.suse.com/1219208
SUSE Bug 1219208

SUSE-SU-2024:0473-1

Описание

Список пакетов

Container containers/apache-tomcat:10.1-openjdk11

Container containers/apache-tomcat:10.1-openjdk17

Container containers/apache-tomcat:10.1-openjdk21

SUSE Linux Enterprise Module for Web and Scripting 15 SP5

openSUSE Leap 15.5

Ссылки

Уязвимость: CVE-2024-22029

Описание

Затронутые продукты

Ссылки