Security update for tomcat SUSE Patch security@suse.de SUSE Security Team SUSE-SU-2021:3602-1 Final 1 1 2021-11-03T13:57:14Z current 2021-11-03T13:57:14Z 2021-11-03T13:57:14Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Security update for tomcat This update for tomcat, javapackages-tools fixes the following issue: Security issue fixed: - CVE-2021-30640: Escape parameters in JNDI Realm queries (bsc#1188279). - CVE-2021-33037: Process T-E header from both HTTP 1.0 and HTTP 1.1. clients (bsc#1188278). - CVE-2021-41079: Fixed a denial of service caused by an unexpected TLS packet (bsc#1190558). Non-security issues fixed: - Add requires and conflicts to avoid the usage of the incompatible 'Java 11' with 'Tomcat'. (bsc#1185476) - Rebuild javapackages-tools to fix a missing package on s390. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). SUSE-2021-3602,SUSE-OpenStack-Cloud-9-2021-3602,SUSE-OpenStack-Cloud-Crowbar-9-2021-3602,SUSE-SLE-SAP-12-SP4-2021-3602,SUSE-SLE-SERVER-12-SP4-LTSS-2021-3602,SUSE-SLE-SERVER-12-SP5-2021-3602 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://www.suse.com/support/update/announcement/2021/suse-su-20213602-1/ Link for SUSE-SU-2021:3602-1 https://lists.suse.com/pipermail/sle-security-updates/2021-November/009692.html E-Mail link for SUSE-SU-2021:3602-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings https://bugzilla.suse.com/1185476 SUSE Bug 1185476 https://bugzilla.suse.com/1188278 SUSE Bug 1188278 https://bugzilla.suse.com/1188279 SUSE Bug 1188279 https://bugzilla.suse.com/1190558 SUSE Bug 1190558 https://www.suse.com/security/cve/CVE-2021-30640/ SUSE CVE CVE-2021-30640 page https://www.suse.com/security/cve/CVE-2021-33037/ SUSE CVE CVE-2021-33037 page https://www.suse.com/security/cve/CVE-2021-41079/ SUSE CVE CVE-2021-41079 page SUSE Linux Enterprise Server 12 SP4-LTSS SUSE Linux Enterprise Server 12 SP5 SUSE Linux Enterprise Server for SAP Applications 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP5 SUSE OpenStack Cloud 9 SUSE OpenStack Cloud Crowbar 9 javapackages-tools-2.0.1-13.1 tomcat-9.0.36-3.71.1 tomcat-admin-webapps-9.0.36-3.71.1 tomcat-docs-webapp-9.0.36-3.71.1 tomcat-el-3_0-api-9.0.36-3.71.1 tomcat-embed-9.0.36-3.71.1 tomcat-javadoc-9.0.36-3.71.1 tomcat-jsp-2_3-api-9.0.36-3.71.1 tomcat-jsvc-9.0.36-3.71.1 tomcat-lib-9.0.36-3.71.1 tomcat-servlet-4_0-api-9.0.36-3.71.1 tomcat-webapps-9.0.36-3.71.1 javapackages-tools-2.0.1-13.1 as a component of SUSE Linux Enterprise Server 12 SP4-LTSS tomcat-9.0.36-3.71.1 as a component of SUSE Linux Enterprise Server 12 SP4-LTSS tomcat-admin-webapps-9.0.36-3.71.1 as a component of SUSE Linux Enterprise Server 12 SP4-LTSS tomcat-docs-webapp-9.0.36-3.71.1 as a component of SUSE Linux Enterprise Server 12 SP4-LTSS tomcat-el-3_0-api-9.0.36-3.71.1 as a component of SUSE Linux Enterprise Server 12 SP4-LTSS tomcat-javadoc-9.0.36-3.71.1 as a component of SUSE Linux Enterprise Server 12 SP4-LTSS tomcat-jsp-2_3-api-9.0.36-3.71.1 as a component of SUSE Linux Enterprise Server 12 SP4-LTSS tomcat-lib-9.0.36-3.71.1 as a component of SUSE Linux Enterprise Server 12 SP4-LTSS tomcat-servlet-4_0-api-9.0.36-3.71.1 as a component of SUSE Linux Enterprise Server 12 SP4-LTSS tomcat-webapps-9.0.36-3.71.1 as a component of SUSE Linux Enterprise Server 12 SP4-LTSS javapackages-tools-2.0.1-13.1 as a component of SUSE Linux Enterprise Server 12 SP5 tomcat-9.0.36-3.71.1 as a component of SUSE Linux Enterprise Server 12 SP5 tomcat-admin-webapps-9.0.36-3.71.1 as a component of SUSE Linux Enterprise Server 12 SP5 tomcat-docs-webapp-9.0.36-3.71.1 as a component of SUSE Linux Enterprise Server 12 SP5 tomcat-el-3_0-api-9.0.36-3.71.1 as a component of SUSE Linux Enterprise Server 12 SP5 tomcat-javadoc-9.0.36-3.71.1 as a component of SUSE Linux Enterprise Server 12 SP5 tomcat-jsp-2_3-api-9.0.36-3.71.1 as a component of SUSE Linux Enterprise Server 12 SP5 tomcat-lib-9.0.36-3.71.1 as a component of SUSE Linux Enterprise Server 12 SP5 tomcat-servlet-4_0-api-9.0.36-3.71.1 as a component of SUSE Linux Enterprise Server 12 SP5 tomcat-webapps-9.0.36-3.71.1 as a component of SUSE Linux Enterprise Server 12 SP5 javapackages-tools-2.0.1-13.1 as a component of SUSE Linux Enterprise Server for SAP Applications 12 SP4 tomcat-9.0.36-3.71.1 as a component of SUSE Linux Enterprise Server for SAP Applications 12 SP4 tomcat-admin-webapps-9.0.36-3.71.1 as a component of SUSE Linux Enterprise Server for SAP Applications 12 SP4 tomcat-docs-webapp-9.0.36-3.71.1 as a component of SUSE Linux Enterprise Server for SAP Applications 12 SP4 tomcat-el-3_0-api-9.0.36-3.71.1 as a component of SUSE Linux Enterprise Server for SAP Applications 12 SP4 tomcat-javadoc-9.0.36-3.71.1 as a component of SUSE Linux Enterprise Server for SAP Applications 12 SP4 tomcat-jsp-2_3-api-9.0.36-3.71.1 as a component of SUSE Linux Enterprise Server for SAP Applications 12 SP4 tomcat-lib-9.0.36-3.71.1 as a component of SUSE Linux Enterprise Server for SAP Applications 12 SP4 tomcat-servlet-4_0-api-9.0.36-3.71.1 as a component of SUSE Linux Enterprise Server for SAP Applications 12 SP4 tomcat-webapps-9.0.36-3.71.1 as a component of SUSE Linux Enterprise Server for SAP Applications 12 SP4 javapackages-tools-2.0.1-13.1 as a component of SUSE Linux Enterprise Server for SAP Applications 12 SP5 tomcat-9.0.36-3.71.1 as a component of SUSE Linux Enterprise Server for SAP Applications 12 SP5 tomcat-admin-webapps-9.0.36-3.71.1 as a component of SUSE Linux Enterprise Server for SAP Applications 12 SP5 tomcat-docs-webapp-9.0.36-3.71.1 as a component of SUSE Linux Enterprise Server for SAP Applications 12 SP5 tomcat-el-3_0-api-9.0.36-3.71.1 as a component of SUSE Linux Enterprise Server for SAP Applications 12 SP5 tomcat-javadoc-9.0.36-3.71.1 as a component of SUSE Linux Enterprise Server for SAP Applications 12 SP5 tomcat-jsp-2_3-api-9.0.36-3.71.1 as a component of SUSE Linux Enterprise Server for SAP Applications 12 SP5 tomcat-lib-9.0.36-3.71.1 as a component of SUSE Linux Enterprise Server for SAP Applications 12 SP5 tomcat-servlet-4_0-api-9.0.36-3.71.1 as a component of SUSE Linux Enterprise Server for SAP Applications 12 SP5 tomcat-webapps-9.0.36-3.71.1 as a component of SUSE Linux Enterprise Server for SAP Applications 12 SP5 javapackages-tools-2.0.1-13.1 as a component of SUSE OpenStack Cloud 9 tomcat-9.0.36-3.71.1 as a component of SUSE OpenStack Cloud 9 tomcat-admin-webapps-9.0.36-3.71.1 as a component of SUSE OpenStack Cloud 9 tomcat-docs-webapp-9.0.36-3.71.1 as a component of SUSE OpenStack Cloud 9 tomcat-el-3_0-api-9.0.36-3.71.1 as a component of SUSE OpenStack Cloud 9 tomcat-javadoc-9.0.36-3.71.1 as a component of SUSE OpenStack Cloud 9 tomcat-jsp-2_3-api-9.0.36-3.71.1 as a component of SUSE OpenStack Cloud 9 tomcat-lib-9.0.36-3.71.1 as a component of SUSE OpenStack Cloud 9 tomcat-servlet-4_0-api-9.0.36-3.71.1 as a component of SUSE OpenStack Cloud 9 tomcat-webapps-9.0.36-3.71.1 as a component of SUSE OpenStack Cloud 9 javapackages-tools-2.0.1-13.1 as a component of SUSE OpenStack Cloud Crowbar 9 tomcat-9.0.36-3.71.1 as a component of SUSE OpenStack Cloud Crowbar 9 tomcat-admin-webapps-9.0.36-3.71.1 as a component of SUSE OpenStack Cloud Crowbar 9 tomcat-docs-webapp-9.0.36-3.71.1 as a component of SUSE OpenStack Cloud Crowbar 9 tomcat-el-3_0-api-9.0.36-3.71.1 as a component of SUSE OpenStack Cloud Crowbar 9 tomcat-javadoc-9.0.36-3.71.1 as a component of SUSE OpenStack Cloud Crowbar 9 tomcat-jsp-2_3-api-9.0.36-3.71.1 as a component of SUSE OpenStack Cloud Crowbar 9 tomcat-lib-9.0.36-3.71.1 as a component of SUSE OpenStack Cloud Crowbar 9 tomcat-servlet-4_0-api-9.0.36-3.71.1 as a component of SUSE OpenStack Cloud Crowbar 9 tomcat-webapps-9.0.36-3.71.1 as a component of SUSE OpenStack Cloud Crowbar 9 A vulnerability in the JNDI Realm of Apache Tomcat allows an attacker to authenticate using variations of a valid user name and/or to bypass some of the protection provided by the LockOut Realm. This issue affects Apache Tomcat 10.0.0-M1 to 10.0.5; 9.0.0.M1 to 9.0.45; 8.5.0 to 8.5.65. CVE-2021-30640 SUSE Linux Enterprise Server 12 SP4-LTSS:javapackages-tools-2.0.1-13.1 SUSE Linux Enterprise Server 12 SP4-LTSS:tomcat-9.0.36-3.71.1 SUSE Linux Enterprise Server 12 SP4-LTSS:tomcat-admin-webapps-9.0.36-3.71.1 SUSE Linux Enterprise Server 12 SP4-LTSS:tomcat-docs-webapp-9.0.36-3.71.1 SUSE Linux Enterprise Server 12 SP4-LTSS:tomcat-el-3_0-api-9.0.36-3.71.1 SUSE Linux Enterprise Server 12 SP4-LTSS:tomcat-javadoc-9.0.36-3.71.1 SUSE Linux Enterprise Server 12 SP4-LTSS:tomcat-jsp-2_3-api-9.0.36-3.71.1 SUSE Linux Enterprise Server 12 SP4-LTSS:tomcat-lib-9.0.36-3.71.1 SUSE Linux Enterprise Server 12 SP4-LTSS:tomcat-servlet-4_0-api-9.0.36-3.71.1 SUSE Linux Enterprise Server 12 SP4-LTSS:tomcat-webapps-9.0.36-3.71.1 SUSE Linux Enterprise Server 12 SP5:javapackages-tools-2.0.1-13.1 SUSE Linux Enterprise Server 12 SP5:tomcat-9.0.36-3.71.1 SUSE Linux Enterprise Server 12 SP5:tomcat-admin-webapps-9.0.36-3.71.1 SUSE Linux Enterprise Server 12 SP5:tomcat-docs-webapp-9.0.36-3.71.1 SUSE Linux Enterprise Server 12 SP5:tomcat-el-3_0-api-9.0.36-3.71.1 SUSE Linux Enterprise Server 12 SP5:tomcat-javadoc-9.0.36-3.71.1 SUSE Linux Enterprise Server 12 SP5:tomcat-jsp-2_3-api-9.0.36-3.71.1 SUSE Linux Enterprise Server 12 SP5:tomcat-lib-9.0.36-3.71.1 SUSE Linux Enterprise Server 12 SP5:tomcat-servlet-4_0-api-9.0.36-3.71.1 SUSE Linux Enterprise Server 12 SP5:tomcat-webapps-9.0.36-3.71.1 SUSE Linux Enterprise Server for SAP Applications 12 SP4:javapackages-tools-2.0.1-13.1 SUSE Linux Enterprise Server for SAP Applications 12 SP4:tomcat-9.0.36-3.71.1 SUSE Linux Enterprise Server for SAP Applications 12 SP4:tomcat-admin-webapps-9.0.36-3.71.1 SUSE Linux Enterprise Server for SAP Applications 12 SP4:tomcat-docs-webapp-9.0.36-3.71.1 SUSE Linux Enterprise Server for SAP Applications 12 SP4:tomcat-el-3_0-api-9.0.36-3.71.1 SUSE Linux Enterprise Server for SAP Applications 12 SP4:tomcat-javadoc-9.0.36-3.71.1 SUSE Linux Enterprise Server for SAP Applications 12 SP4:tomcat-jsp-2_3-api-9.0.36-3.71.1 SUSE Linux Enterprise Server for SAP Applications 12 SP4:tomcat-lib-9.0.36-3.71.1 SUSE Linux Enterprise Server for SAP Applications 12 SP4:tomcat-servlet-4_0-api-9.0.36-3.71.1 SUSE Linux Enterprise Server for SAP Applications 12 SP4:tomcat-webapps-9.0.36-3.71.1 SUSE Linux Enterprise Server for SAP Applications 12 SP5:javapackages-tools-2.0.1-13.1 SUSE Linux Enterprise Server for SAP Applications 12 SP5:tomcat-9.0.36-3.71.1 SUSE Linux Enterprise Server for SAP Applications 12 SP5:tomcat-admin-webapps-9.0.36-3.71.1 SUSE Linux Enterprise Server for SAP Applications 12 SP5:tomcat-docs-webapp-9.0.36-3.71.1 SUSE Linux Enterprise Server for SAP Applications 12 SP5:tomcat-el-3_0-api-9.0.36-3.71.1 SUSE Linux Enterprise Server for SAP Applications 12 SP5:tomcat-javadoc-9.0.36-3.71.1 SUSE Linux Enterprise Server for SAP Applications 12 SP5:tomcat-jsp-2_3-api-9.0.36-3.71.1 SUSE Linux Enterprise Server for SAP Applications 12 SP5:tomcat-lib-9.0.36-3.71.1 SUSE Linux Enterprise Server for SAP Applications 12 SP5:tomcat-servlet-4_0-api-9.0.36-3.71.1 SUSE Linux Enterprise Server for SAP Applications 12 SP5:tomcat-webapps-9.0.36-3.71.1 SUSE OpenStack Cloud 9:javapackages-tools-2.0.1-13.1 SUSE OpenStack Cloud 9:tomcat-9.0.36-3.71.1 SUSE OpenStack Cloud 9:tomcat-admin-webapps-9.0.36-3.71.1 SUSE OpenStack Cloud 9:tomcat-docs-webapp-9.0.36-3.71.1 SUSE OpenStack Cloud 9:tomcat-el-3_0-api-9.0.36-3.71.1 SUSE OpenStack Cloud 9:tomcat-javadoc-9.0.36-3.71.1 SUSE OpenStack Cloud 9:tomcat-jsp-2_3-api-9.0.36-3.71.1 SUSE OpenStack Cloud 9:tomcat-lib-9.0.36-3.71.1 SUSE OpenStack Cloud 9:tomcat-servlet-4_0-api-9.0.36-3.71.1 SUSE OpenStack Cloud 9:tomcat-webapps-9.0.36-3.71.1 SUSE OpenStack Cloud Crowbar 9:javapackages-tools-2.0.1-13.1 SUSE OpenStack Cloud Crowbar 9:tomcat-9.0.36-3.71.1 SUSE OpenStack Cloud Crowbar 9:tomcat-admin-webapps-9.0.36-3.71.1 SUSE OpenStack Cloud Crowbar 9:tomcat-docs-webapp-9.0.36-3.71.1 SUSE OpenStack Cloud Crowbar 9:tomcat-el-3_0-api-9.0.36-3.71.1 SUSE OpenStack Cloud Crowbar 9:tomcat-javadoc-9.0.36-3.71.1 SUSE OpenStack Cloud Crowbar 9:tomcat-jsp-2_3-api-9.0.36-3.71.1 SUSE OpenStack Cloud Crowbar 9:tomcat-lib-9.0.36-3.71.1 SUSE OpenStack Cloud Crowbar 9:tomcat-servlet-4_0-api-9.0.36-3.71.1 SUSE OpenStack Cloud Crowbar 9:tomcat-webapps-9.0.36-3.71.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2021/suse-su-20213602-1/ https://www.suse.com/security/cve/CVE-2021-30640.html CVE-2021-30640 https://bugzilla.suse.com/1188279 SUSE Bug 1188279 https://bugzilla.suse.com/1200696 SUSE Bug 1200696 Apache Tomcat 10.0.0-M1 to 10.0.6, 9.0.0.M1 to 9.0.46 and 8.5.0 to 8.5.66 did not correctly parse the HTTP transfer-encoding request header in some circumstances leading to the possibility to request smuggling when used with a reverse proxy. Specifically: - Tomcat incorrectly ignored the transfer encoding header if the client declared it would only accept an HTTP/1.0 response; - Tomcat honoured the identify encoding; and - Tomcat did not ensure that, if present, the chunked encoding was the final encoding. CVE-2021-33037 SUSE Linux Enterprise Server 12 SP4-LTSS:javapackages-tools-2.0.1-13.1 SUSE Linux Enterprise Server 12 SP4-LTSS:tomcat-9.0.36-3.71.1 SUSE Linux Enterprise Server 12 SP4-LTSS:tomcat-admin-webapps-9.0.36-3.71.1 SUSE Linux Enterprise Server 12 SP4-LTSS:tomcat-docs-webapp-9.0.36-3.71.1 SUSE Linux Enterprise Server 12 SP4-LTSS:tomcat-el-3_0-api-9.0.36-3.71.1 SUSE Linux Enterprise Server 12 SP4-LTSS:tomcat-javadoc-9.0.36-3.71.1 SUSE Linux Enterprise Server 12 SP4-LTSS:tomcat-jsp-2_3-api-9.0.36-3.71.1 SUSE Linux Enterprise Server 12 SP4-LTSS:tomcat-lib-9.0.36-3.71.1 SUSE Linux Enterprise Server 12 SP4-LTSS:tomcat-servlet-4_0-api-9.0.36-3.71.1 SUSE Linux Enterprise Server 12 SP4-LTSS:tomcat-webapps-9.0.36-3.71.1 SUSE Linux Enterprise Server 12 SP5:javapackages-tools-2.0.1-13.1 SUSE Linux Enterprise Server 12 SP5:tomcat-9.0.36-3.71.1 SUSE Linux Enterprise Server 12 SP5:tomcat-admin-webapps-9.0.36-3.71.1 SUSE Linux Enterprise Server 12 SP5:tomcat-docs-webapp-9.0.36-3.71.1 SUSE Linux Enterprise Server 12 SP5:tomcat-el-3_0-api-9.0.36-3.71.1 SUSE Linux Enterprise Server 12 SP5:tomcat-javadoc-9.0.36-3.71.1 SUSE Linux Enterprise Server 12 SP5:tomcat-jsp-2_3-api-9.0.36-3.71.1 SUSE Linux Enterprise Server 12 SP5:tomcat-lib-9.0.36-3.71.1 SUSE Linux Enterprise Server 12 SP5:tomcat-servlet-4_0-api-9.0.36-3.71.1 SUSE Linux Enterprise Server 12 SP5:tomcat-webapps-9.0.36-3.71.1 SUSE Linux Enterprise Server for SAP Applications 12 SP4:javapackages-tools-2.0.1-13.1 SUSE Linux Enterprise Server for SAP Applications 12 SP4:tomcat-9.0.36-3.71.1 SUSE Linux Enterprise Server for SAP Applications 12 SP4:tomcat-admin-webapps-9.0.36-3.71.1 SUSE Linux Enterprise Server for SAP Applications 12 SP4:tomcat-docs-webapp-9.0.36-3.71.1 SUSE Linux Enterprise Server for SAP Applications 12 SP4:tomcat-el-3_0-api-9.0.36-3.71.1 SUSE Linux Enterprise Server for SAP Applications 12 SP4:tomcat-javadoc-9.0.36-3.71.1 SUSE Linux Enterprise Server for SAP Applications 12 SP4:tomcat-jsp-2_3-api-9.0.36-3.71.1 SUSE Linux Enterprise Server for SAP Applications 12 SP4:tomcat-lib-9.0.36-3.71.1 SUSE Linux Enterprise Server for SAP Applications 12 SP4:tomcat-servlet-4_0-api-9.0.36-3.71.1 SUSE Linux Enterprise Server for SAP Applications 12 SP4:tomcat-webapps-9.0.36-3.71.1 SUSE Linux Enterprise Server for SAP Applications 12 SP5:javapackages-tools-2.0.1-13.1 SUSE Linux Enterprise Server for SAP Applications 12 SP5:tomcat-9.0.36-3.71.1 SUSE Linux Enterprise Server for SAP Applications 12 SP5:tomcat-admin-webapps-9.0.36-3.71.1 SUSE Linux Enterprise Server for SAP Applications 12 SP5:tomcat-docs-webapp-9.0.36-3.71.1 SUSE Linux Enterprise Server for SAP Applications 12 SP5:tomcat-el-3_0-api-9.0.36-3.71.1 SUSE Linux Enterprise Server for SAP Applications 12 SP5:tomcat-javadoc-9.0.36-3.71.1 SUSE Linux Enterprise Server for SAP Applications 12 SP5:tomcat-jsp-2_3-api-9.0.36-3.71.1 SUSE Linux Enterprise Server for SAP Applications 12 SP5:tomcat-lib-9.0.36-3.71.1 SUSE Linux Enterprise Server for SAP Applications 12 SP5:tomcat-servlet-4_0-api-9.0.36-3.71.1 SUSE Linux Enterprise Server for SAP Applications 12 SP5:tomcat-webapps-9.0.36-3.71.1 SUSE OpenStack Cloud 9:javapackages-tools-2.0.1-13.1 SUSE OpenStack Cloud 9:tomcat-9.0.36-3.71.1 SUSE OpenStack Cloud 9:tomcat-admin-webapps-9.0.36-3.71.1 SUSE OpenStack Cloud 9:tomcat-docs-webapp-9.0.36-3.71.1 SUSE OpenStack Cloud 9:tomcat-el-3_0-api-9.0.36-3.71.1 SUSE OpenStack Cloud 9:tomcat-javadoc-9.0.36-3.71.1 SUSE OpenStack Cloud 9:tomcat-jsp-2_3-api-9.0.36-3.71.1 SUSE OpenStack Cloud 9:tomcat-lib-9.0.36-3.71.1 SUSE OpenStack Cloud 9:tomcat-servlet-4_0-api-9.0.36-3.71.1 SUSE OpenStack Cloud 9:tomcat-webapps-9.0.36-3.71.1 SUSE OpenStack Cloud Crowbar 9:javapackages-tools-2.0.1-13.1 SUSE OpenStack Cloud Crowbar 9:tomcat-9.0.36-3.71.1 SUSE OpenStack Cloud Crowbar 9:tomcat-admin-webapps-9.0.36-3.71.1 SUSE OpenStack Cloud Crowbar 9:tomcat-docs-webapp-9.0.36-3.71.1 SUSE OpenStack Cloud Crowbar 9:tomcat-el-3_0-api-9.0.36-3.71.1 SUSE OpenStack Cloud Crowbar 9:tomcat-javadoc-9.0.36-3.71.1 SUSE OpenStack Cloud Crowbar 9:tomcat-jsp-2_3-api-9.0.36-3.71.1 SUSE OpenStack Cloud Crowbar 9:tomcat-lib-9.0.36-3.71.1 SUSE OpenStack Cloud Crowbar 9:tomcat-servlet-4_0-api-9.0.36-3.71.1 SUSE OpenStack Cloud Crowbar 9:tomcat-webapps-9.0.36-3.71.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2021/suse-su-20213602-1/ https://www.suse.com/security/cve/CVE-2021-33037.html CVE-2021-33037 https://bugzilla.suse.com/1188278 SUSE Bug 1188278 https://bugzilla.suse.com/1200696 SUSE Bug 1200696 Apache Tomcat 8.5.0 to 8.5.63, 9.0.0-M1 to 9.0.43 and 10.0.0-M1 to 10.0.2 did not properly validate incoming TLS packets. When Tomcat was configured to use NIO+OpenSSL or NIO2+OpenSSL for TLS, a specially crafted packet could be used to trigger an infinite loop resulting in a denial of service. CVE-2021-41079 SUSE Linux Enterprise Server 12 SP4-LTSS:javapackages-tools-2.0.1-13.1 SUSE Linux Enterprise Server 12 SP4-LTSS:tomcat-9.0.36-3.71.1 SUSE Linux Enterprise Server 12 SP4-LTSS:tomcat-admin-webapps-9.0.36-3.71.1 SUSE Linux Enterprise Server 12 SP4-LTSS:tomcat-docs-webapp-9.0.36-3.71.1 SUSE Linux Enterprise Server 12 SP4-LTSS:tomcat-el-3_0-api-9.0.36-3.71.1 SUSE Linux Enterprise Server 12 SP4-LTSS:tomcat-javadoc-9.0.36-3.71.1 SUSE Linux Enterprise Server 12 SP4-LTSS:tomcat-jsp-2_3-api-9.0.36-3.71.1 SUSE Linux Enterprise Server 12 SP4-LTSS:tomcat-lib-9.0.36-3.71.1 SUSE Linux Enterprise Server 12 SP4-LTSS:tomcat-servlet-4_0-api-9.0.36-3.71.1 SUSE Linux Enterprise Server 12 SP4-LTSS:tomcat-webapps-9.0.36-3.71.1 SUSE Linux Enterprise Server 12 SP5:javapackages-tools-2.0.1-13.1 SUSE Linux Enterprise Server 12 SP5:tomcat-9.0.36-3.71.1 SUSE Linux Enterprise Server 12 SP5:tomcat-admin-webapps-9.0.36-3.71.1 SUSE Linux Enterprise Server 12 SP5:tomcat-docs-webapp-9.0.36-3.71.1 SUSE Linux Enterprise Server 12 SP5:tomcat-el-3_0-api-9.0.36-3.71.1 SUSE Linux Enterprise Server 12 SP5:tomcat-javadoc-9.0.36-3.71.1 SUSE Linux Enterprise Server 12 SP5:tomcat-jsp-2_3-api-9.0.36-3.71.1 SUSE Linux Enterprise Server 12 SP5:tomcat-lib-9.0.36-3.71.1 SUSE Linux Enterprise Server 12 SP5:tomcat-servlet-4_0-api-9.0.36-3.71.1 SUSE Linux Enterprise Server 12 SP5:tomcat-webapps-9.0.36-3.71.1 SUSE Linux Enterprise Server for SAP Applications 12 SP4:javapackages-tools-2.0.1-13.1 SUSE Linux Enterprise Server for SAP Applications 12 SP4:tomcat-9.0.36-3.71.1 SUSE Linux Enterprise Server for SAP Applications 12 SP4:tomcat-admin-webapps-9.0.36-3.71.1 SUSE Linux Enterprise Server for SAP Applications 12 SP4:tomcat-docs-webapp-9.0.36-3.71.1 SUSE Linux Enterprise Server for SAP Applications 12 SP4:tomcat-el-3_0-api-9.0.36-3.71.1 SUSE Linux Enterprise Server for SAP Applications 12 SP4:tomcat-javadoc-9.0.36-3.71.1 SUSE Linux Enterprise Server for SAP Applications 12 SP4:tomcat-jsp-2_3-api-9.0.36-3.71.1 SUSE Linux Enterprise Server for SAP Applications 12 SP4:tomcat-lib-9.0.36-3.71.1 SUSE Linux Enterprise Server for SAP Applications 12 SP4:tomcat-servlet-4_0-api-9.0.36-3.71.1 SUSE Linux Enterprise Server for SAP Applications 12 SP4:tomcat-webapps-9.0.36-3.71.1 SUSE Linux Enterprise Server for SAP Applications 12 SP5:javapackages-tools-2.0.1-13.1 SUSE Linux Enterprise Server for SAP Applications 12 SP5:tomcat-9.0.36-3.71.1 SUSE Linux Enterprise Server for SAP Applications 12 SP5:tomcat-admin-webapps-9.0.36-3.71.1 SUSE Linux Enterprise Server for SAP Applications 12 SP5:tomcat-docs-webapp-9.0.36-3.71.1 SUSE Linux Enterprise Server for SAP Applications 12 SP5:tomcat-el-3_0-api-9.0.36-3.71.1 SUSE Linux Enterprise Server for SAP Applications 12 SP5:tomcat-javadoc-9.0.36-3.71.1 SUSE Linux Enterprise Server for SAP Applications 12 SP5:tomcat-jsp-2_3-api-9.0.36-3.71.1 SUSE Linux Enterprise Server for SAP Applications 12 SP5:tomcat-lib-9.0.36-3.71.1 SUSE Linux Enterprise Server for SAP Applications 12 SP5:tomcat-servlet-4_0-api-9.0.36-3.71.1 SUSE Linux Enterprise Server for SAP Applications 12 SP5:tomcat-webapps-9.0.36-3.71.1 SUSE OpenStack Cloud 9:javapackages-tools-2.0.1-13.1 SUSE OpenStack Cloud 9:tomcat-9.0.36-3.71.1 SUSE OpenStack Cloud 9:tomcat-admin-webapps-9.0.36-3.71.1 SUSE OpenStack Cloud 9:tomcat-docs-webapp-9.0.36-3.71.1 SUSE OpenStack Cloud 9:tomcat-el-3_0-api-9.0.36-3.71.1 SUSE OpenStack Cloud 9:tomcat-javadoc-9.0.36-3.71.1 SUSE OpenStack Cloud 9:tomcat-jsp-2_3-api-9.0.36-3.71.1 SUSE OpenStack Cloud 9:tomcat-lib-9.0.36-3.71.1 SUSE OpenStack Cloud 9:tomcat-servlet-4_0-api-9.0.36-3.71.1 SUSE OpenStack Cloud 9:tomcat-webapps-9.0.36-3.71.1 SUSE OpenStack Cloud Crowbar 9:javapackages-tools-2.0.1-13.1 SUSE OpenStack Cloud Crowbar 9:tomcat-9.0.36-3.71.1 SUSE OpenStack Cloud Crowbar 9:tomcat-admin-webapps-9.0.36-3.71.1 SUSE OpenStack Cloud Crowbar 9:tomcat-docs-webapp-9.0.36-3.71.1 SUSE OpenStack Cloud Crowbar 9:tomcat-el-3_0-api-9.0.36-3.71.1 SUSE OpenStack Cloud Crowbar 9:tomcat-javadoc-9.0.36-3.71.1 SUSE OpenStack Cloud Crowbar 9:tomcat-jsp-2_3-api-9.0.36-3.71.1 SUSE OpenStack Cloud Crowbar 9:tomcat-lib-9.0.36-3.71.1 SUSE OpenStack Cloud Crowbar 9:tomcat-servlet-4_0-api-9.0.36-3.71.1 SUSE OpenStack Cloud Crowbar 9:tomcat-webapps-9.0.36-3.71.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2021/suse-su-20213602-1/ https://www.suse.com/security/cve/CVE-2021-41079.html CVE-2021-41079 https://bugzilla.suse.com/1190558 SUSE Bug 1190558