Описание
Security update for tomcat
This update for tomcat fixes the following issues:
Security issues fixed:
- CVE-2022-23181: Make calculation of session storage location more robust (bsc#1195255)
- Remove log4j (bsc#1196137)
Список пакетов
openSUSE Leap 15.3
tomcat-9.0.36-19.1
tomcat-admin-webapps-9.0.36-19.1
tomcat-docs-webapp-9.0.36-19.1
tomcat-el-3_0-api-9.0.36-19.1
tomcat-embed-9.0.36-19.1
tomcat-javadoc-9.0.36-19.1
tomcat-jsp-2_3-api-9.0.36-19.1
tomcat-jsvc-9.0.36-19.1
tomcat-lib-9.0.36-19.1
tomcat-servlet-4_0-api-9.0.36-19.1
tomcat-webapps-9.0.36-19.1
Ссылки
- E-Mail link for openSUSE-SU-2022:0818-1
- SUSE Security Ratings
- SUSE Bug 1195255
- SUSE Bug 1196137
- SUSE CVE CVE-2022-23181 page
Описание
The fix for bug CVE-2020-9484 introduced a time of check, time of use vulnerability into Apache Tomcat 10.1.0-M1 to 10.1.0-M8, 10.0.0-M5 to 10.0.14, 9.0.35 to 9.0.56 and 8.5.55 to 8.5.73 that allowed a local attacker to perform actions with the privileges of the user that the Tomcat process is using. This issue is only exploitable when Tomcat is configured to persist sessions using the FileStore.
Затронутые продукты
openSUSE Leap 15.3:tomcat-9.0.36-19.1
openSUSE Leap 15.3:tomcat-admin-webapps-9.0.36-19.1
openSUSE Leap 15.3:tomcat-docs-webapp-9.0.36-19.1
openSUSE Leap 15.3:tomcat-el-3_0-api-9.0.36-19.1
Ссылки
- CVE-2022-23181
- SUSE Bug 1195255
- SUSE Bug 1196395
- SUSE Bug 1200696