Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

suse-cvrf логотип

SUSE-SU-2025:0394-1

Опубликовано: 10 фев. 2025
Источник: suse-cvrf

Описание

Security update for tomcat

This update for tomcat fixes the following issues:

  • CVE-2024-50379: Fixed remote code execution (RCE) due to TOCTOU issue in JSP compilation (bsc#1234663).
  • CVE-2024-54677: Fixed denial-of-service (DoS) attack in examples web application (bsc#1234664).

Список пакетов

SUSE Linux Enterprise Server 12 SP5-LTSS
tomcat-9.0.36-3.136.1
tomcat-admin-webapps-9.0.36-3.136.1
tomcat-docs-webapp-9.0.36-3.136.1
tomcat-el-3_0-api-9.0.36-3.136.1
tomcat-javadoc-9.0.36-3.136.1
tomcat-jsp-2_3-api-9.0.36-3.136.1
tomcat-lib-9.0.36-3.136.1
tomcat-servlet-4_0-api-9.0.36-3.136.1
tomcat-webapps-9.0.36-3.136.1
SUSE Linux Enterprise Server LTSS Extended Security 12 SP5
tomcat-9.0.36-3.136.1
tomcat-admin-webapps-9.0.36-3.136.1
tomcat-docs-webapp-9.0.36-3.136.1
tomcat-el-3_0-api-9.0.36-3.136.1
tomcat-javadoc-9.0.36-3.136.1
tomcat-jsp-2_3-api-9.0.36-3.136.1
tomcat-lib-9.0.36-3.136.1
tomcat-servlet-4_0-api-9.0.36-3.136.1
tomcat-webapps-9.0.36-3.136.1

Ссылки

Описание

Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability during JSP compilation in Apache Tomcat permits an RCE on case insensitive file systems when the default servlet is enabled for write (non-default configuration). This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.1, from 10.1.0-M1 through 10.1.33, from 9.0.0.M1 through 9.0.97. Users are recommended to upgrade to version 11.0.2, 10.1.34 or 9.0.98, which fixes the issue.

Затронутые продукты
SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.36-3.136.1
SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.36-3.136.1
SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.36-3.136.1
SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.36-3.136.1
Ссылки

Описание

Uncontrolled Resource Consumption vulnerability in the examples web application provided with Apache Tomcat leads to denial of service. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.1, from 10.1.0-M1 through 10.1.33, from 9.0.0.M1 through 9.9.97. Users are recommended to upgrade to version 11.0.2, 10.1.34 or 9.0.98, which fixes the issue.

Затронутые продукты
SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.36-3.136.1
SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.36-3.136.1
SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.36-3.136.1
SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.36-3.136.1
Ссылки