SUSE-CU-2024:6095-1: Security update of containers/apache-tomcat

[sle-container-updates at lists.suse.com]

SUSE Container Update Advisory: containers/apache-tomcat
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2024:6095-1
Container Tags        : containers/apache-tomcat:9-openjdk8 , containers/apache-tomcat:9.0.97-openjdk8 , containers/apache-tomcat:9.0.97-openjdk8-60.2
Container Release     : 60.2
Severity              : moderate
Type                  : security
References            : 1231702 1231711 1231716 1231719 CVE-2024-21208 CVE-2024-21210
                        CVE-2024-21217 CVE-2024-21235 
-----------------------------------------------------------------

The container containers/apache-tomcat was updated. The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2024:4202-1
Released:    Thu Dec  5 15:03:04 2024
Summary:     Security update for java-1_8_0-openjdk
Type:        security
Severity:    moderate
References:  1231702,1231711,1231716,1231719,CVE-2024-21208,CVE-2024-21210,CVE-2024-21217,CVE-2024-21235
This update for java-1_8_0-openjdk fixes the following issues:

Update to version jdk8u432 (icedtea-3.33.0):
- CVE-2024-21208: Fixed partial DoS in component Networking (bsc#1231702,JDK-8328286)
- CVE-2024-21210: Fixed unauthorized update, insert or delete access to some of Oracle Java SE accessible data in component Hotspot (bsc#1231711,JDK-8328544)
- CVE-2024-21217: Fixed partial DoS in component Serialization (bsc#1231716,JDK-8331446)
- CVE-2024-21235: Fixed unauthorized read/write access to data in component Hotspot (bsc#1231719,JDK-8332644)


The following package changes have been done:

- java-1_8_0-openjdk-headless-1.8.0.432-150000.3.100.1 updated
- java-1_8_0-openjdk-1.8.0.432-150000.3.100.1 updated