SUSE-CU-2024:3786-1: Security update of containers/apache-tomcat
sle-container-updates at lists.suse.com
Fri Aug 16 13:20:00 UTC 2024
SUSE Container Update Advisory: containers/apache-tomcat
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2024:3786-1
Container Tags : containers/apache-tomcat:10-jre21 , containers/apache-tomcat:10-jre21-43.1 , containers/apache-tomcat:10.1-jre21 , containers/apache-tomcat:10.1-jre21-43.1 , containers/apache-tomcat:10.1.25-jre21 , containers/apache-tomcat:10.1.25-jre21-43.1
Container Release : 43.1
Severity : important
Type : security
References : 1154884 1154887 1175825 1180138 1197771 1227888 1228535 CVE-2019-12290 CVE-2019-18224 CVE-2020-8927 CVE-2024-6197 CVE-2024-7264
-----------------------------------------------------------------
The container containers/apache-tomcat was updated. The following patches have been included in this update:
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2019:3086-1
Released: Thu Nov 28 10:02:24 2019
Summary: Security update for libidn2
Type: security
Severity: moderate
References: 1154884,1154887,CVE-2019-12290,CVE-2019-18224
This update for libidn2 to version 2.2.0 fixes the following issues:
- CVE-2019-12290: Fixed an improper round-trip check when converting A-labels to U-labels (bsc#1154884).
- CVE-2019-18224: Fixed a heap-based buffer overflow that was caused by long domain strings (bsc#1154887).
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2020:3942-1
Released: Tue Dec 29 12:22:01 2020
Summary: Recommended update for libidn2
Type: recommended
Severity: moderate
References: 1180138
This update for libidn2 fixes the following issues:
- The library is actually dual licensed, GPL-2.0-or-later or LGPL-3.0-or-later,
adjusted the RPM license tags (bsc#1180138)
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2021:3942-1
Released: Mon Dec 6 14:46:05 2021
Summary: Security update for brotli
Type: security
Severity: moderate
References: 1175825,CVE-2020-8927
This update for brotli fixes the following issues:
- CVE-2020-8927: Fixed integer overflow when input chunk is larger than 2GiB (bsc#1175825).
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:1658-1
Released: Fri May 13 15:40:20 2022
Summary: Recommended update for libpsl
Type: recommended
Severity: important
References: 1197771
This update for libpsl fixes the following issues:
- Fix libpsl compilation issues (bsc#1197771)
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2024:2784-1
Released: Tue Aug 6 14:58:38 2024
Summary: Security update for curl
Type: security
Severity: important
References: 1227888,1228535,CVE-2024-6197,CVE-2024-7264
This update for curl fixes the following issues:
- CVE-2024-7264: Fixed ASN.1 date parser overread (bsc#1228535)
- CVE-2024-6197: Fixed freeing stack buffer in utf8asn1str (bsc#1227888)
The following package changes have been done:
- libldap-data-2.4.46-150600.23.21 added
- libssh-config-0.9.8-150600.9.1 added
- libzstd1-1.5.5-150600.1.3 added
- libsasl2-3-2.1.28-150600.5.3 added
- libnghttp2-14-1.40.0-150600.23.2 added
- libbrotlicommon1-1.0.7-3.3.1 added
- libbrotlidec1-1.0.7-3.3.1 added
- libunistring2-0.9.10-1.1 added
- libidn2-0-2.2.0-3.6.1 added
- libpsl5-0.20.1-150000.3.3.1 added
- libldap-2_4-2-2.4.46-150600.23.21 added
- libssh4-0.9.8-150600.9.1 added
- libcurl4-8.6.0-150600.4.3.1 added
- sed-4.9-150600.1.4 added
- curl-8.6.0-150600.4.3.1 added
- container:micro-image-15.6.0-47.11.7 added
- container:sles15-image-15.6.0-47.11.7 updated
- apache-commons-collections-3.2.2-150200.13.6.4 removed
- apache-commons-daemon-1.3.4-150200.11.14.1 removed
- apache-commons-dbcp-2.1.1-150200.10.8.1 removed
- apache-commons-jexl-2.1.1-150200.3.8.1 removed
- apache-commons-logging-1.2-150200.11.6.4 removed
- apache-commons-pool2-2.4.2-150200.11.8.1 removed
- cglib-3.3.0-150200.3.6.5 removed
- ecj-4.23-150200.3.12.1 removed
- file-5.32-7.14.1 removed
- fontconfig-2.14.2-150600.1.3 removed
- geronimo-jta-1_1-api-1.2-150200.15.8.1 removed
- jakarta-servlet-5.0.0-150200.5.5.1 removed
- java-21-openjdk-21.0.4.0-150600.3.3.1 removed
- java-21-openjdk-headless-21.0.4.0-150600.3.3.1 removed
- javapackages-filesystem-6.2.0-150200.3.12.1 removed
- javapackages-tools-6.2.0-150200.3.12.1 removed
- libX11-6-1.8.7-150600.1.2 removed
- libX11-data-1.8.7-150600.1.2 removed
- libXau6-1.0.8-1.26 removed
- libXext6-1.3.3-1.30 removed
- libXi6-1.7.9-3.2.1 removed
- libXrender1-0.9.10-1.30 removed
- libXtst6-1.2.3-1.24 removed
- libapr1-1.6.3-3.3.8 removed
- libasound2-1.2.10-150600.2.3 removed
- libexpat1-2.4.4-150400.3.17.1 removed
- libfontconfig1-2.14.2-150600.1.3 removed
- libfreebl3-3.101.2-150400.3.48.1 removed
- libfreetype6-2.10.4-150000.4.15.1 removed
- libgif7-5.2.2-150000.4.13.1 removed
- libjitterentropy3-3.4.1-150000.1.12.1 removed
- libjpeg8-8.2.2-150600.22.5 removed
- liblcms2-2-2.15-150600.1.5 removed
- libopenssl1_1-1.1.1w-150600.5.3.1 removed
- libpcsclite1-1.9.4-150400.3.2.1 removed
- libpng16-16-1.6.40-150600.1.3 removed
- libsoftokn3-3.101.2-150400.3.48.1 removed
- libtcnative-1-0-1.2.38-150600.14.2 removed
- libxcb1-1.13-150000.3.11.1 removed
- libxslt-tools-1.1.34-150400.3.3.1 removed
- libxslt1-1.1.34-150400.3.3.1 removed
- logrotate-3.18.1-150400.3.7.1 removed
- mozilla-nspr-4.35-150000.3.29.1 removed
- mozilla-nss-3.101.2-150400.3.48.1 removed
- mozilla-nss-certs-3.101.2-150400.3.48.1 removed
- objectweb-asm-9.7-150200.3.15.2 removed
- tomcat10-10.1.25-150200.5.25.1 removed
- tomcat10-el-5_0-api-10.1.25-150200.5.25.1 removed
- tomcat10-jsp-3_1-api-10.1.25-150200.5.25.1 removed
- tomcat10-lib-10.1.25-150200.5.25.1 removed
- tomcat10-servlet-6_0-api-10.1.25-150200.5.25.1 removed
- update-alternatives-1.19.0.4-150000.4.4.1 removed
- xz-5.4.1-150600.1.2 removed