tomcat10-10.1.34-1.1 on GA media SUSE Patch security@suse.de SUSE Security Team openSUSE-SU-2025:15685 Final 1 1 2025-01-07T00:00:00Z current 2025-01-07T00:00:00Z 2025-01-07T00:00:00Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z tomcat10-10.1.34-1.1 on GA media These are all security issues fixed in the tomcat10-10.1.34-1.1 package on the GA media of openSUSE Tumbleweed. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). openSUSE-Tumbleweed-2025-15685 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://www.suse.com/support/security/rating/ SUSE Security Ratings https://www.suse.com/security/cve/CVE-2024-50379/ SUSE CVE CVE-2024-50379 page https://www.suse.com/security/cve/CVE-2024-54677/ SUSE CVE CVE-2024-54677 page openSUSE Tumbleweed tomcat10-10.1.34-1.1 tomcat10-admin-webapps-10.1.34-1.1 tomcat10-doc-10.1.34-1.1 tomcat10-docs-webapp-10.1.34-1.1 tomcat10-el-5_0-api-10.1.34-1.1 tomcat10-embed-10.1.34-1.1 tomcat10-jsp-3_1-api-10.1.34-1.1 tomcat10-jsvc-10.1.34-1.1 tomcat10-lib-10.1.34-1.1 tomcat10-servlet-6_0-api-10.1.34-1.1 tomcat10-webapps-10.1.34-1.1 tomcat10-10.1.34-1.1 as a component of openSUSE Tumbleweed tomcat10-admin-webapps-10.1.34-1.1 as a component of openSUSE Tumbleweed tomcat10-doc-10.1.34-1.1 as a component of openSUSE Tumbleweed tomcat10-docs-webapp-10.1.34-1.1 as a component of openSUSE Tumbleweed tomcat10-el-5_0-api-10.1.34-1.1 as a component of openSUSE Tumbleweed tomcat10-embed-10.1.34-1.1 as a component of openSUSE Tumbleweed tomcat10-jsp-3_1-api-10.1.34-1.1 as a component of openSUSE Tumbleweed tomcat10-jsvc-10.1.34-1.1 as a component of openSUSE Tumbleweed tomcat10-lib-10.1.34-1.1 as a component of openSUSE Tumbleweed tomcat10-servlet-6_0-api-10.1.34-1.1 as a component of openSUSE Tumbleweed tomcat10-webapps-10.1.34-1.1 as a component of openSUSE Tumbleweed Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability during JSP compilation in Apache Tomcat permits an RCE on case insensitive file systems when the default servlet is enabled for write (non-default configuration). This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.1, from 10.1.0-M1 through 10.1.33, from 9.0.0.M1 through 9.0.97. The following versions were EOL at the time the CVE was created but are known to be affected: 8.5.0 though 8.5.100. Other, older, EOL versions may also be affected. Users are recommended to upgrade to version 11.0.2, 10.1.34 or 9.0.98, which fixes the issue. CVE-2024-50379 openSUSE Tumbleweed:tomcat10-10.1.34-1.1 openSUSE Tumbleweed:tomcat10-admin-webapps-10.1.34-1.1 openSUSE Tumbleweed:tomcat10-doc-10.1.34-1.1 openSUSE Tumbleweed:tomcat10-docs-webapp-10.1.34-1.1 openSUSE Tumbleweed:tomcat10-el-5_0-api-10.1.34-1.1 openSUSE Tumbleweed:tomcat10-embed-10.1.34-1.1 openSUSE Tumbleweed:tomcat10-jsp-3_1-api-10.1.34-1.1 openSUSE Tumbleweed:tomcat10-jsvc-10.1.34-1.1 openSUSE Tumbleweed:tomcat10-lib-10.1.34-1.1 openSUSE Tumbleweed:tomcat10-servlet-6_0-api-10.1.34-1.1 openSUSE Tumbleweed:tomcat10-webapps-10.1.34-1.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2024-50379.html CVE-2024-50379 https://bugzilla.suse.com/1234663 SUSE Bug 1234663 Uncontrolled Resource Consumption vulnerability in the examples web application provided with Apache Tomcat leads to denial of service. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.1, from 10.1.0-M1 through 10.1.33, from 9.0.0.M1 through 9.9.97. The following versions were EOL at the time the CVE was created but are known to be affected: 8.5.0 though 8.5.100. Other, older, EOL versions may also be affected. Users are recommended to upgrade to version 11.0.2, 10.1.34 or 9.0.98, which fixes the issue. CVE-2024-54677 openSUSE Tumbleweed:tomcat10-10.1.34-1.1 openSUSE Tumbleweed:tomcat10-admin-webapps-10.1.34-1.1 openSUSE Tumbleweed:tomcat10-doc-10.1.34-1.1 openSUSE Tumbleweed:tomcat10-docs-webapp-10.1.34-1.1 openSUSE Tumbleweed:tomcat10-el-5_0-api-10.1.34-1.1 openSUSE Tumbleweed:tomcat10-embed-10.1.34-1.1 openSUSE Tumbleweed:tomcat10-jsp-3_1-api-10.1.34-1.1 openSUSE Tumbleweed:tomcat10-jsvc-10.1.34-1.1 openSUSE Tumbleweed:tomcat10-lib-10.1.34-1.1 openSUSE Tumbleweed:tomcat10-servlet-6_0-api-10.1.34-1.1 openSUSE Tumbleweed:tomcat10-webapps-10.1.34-1.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2024-54677.html CVE-2024-54677 https://bugzilla.suse.com/1234664 SUSE Bug 1234664