SUSE Container Update Advisory: containers/apache-tomcat
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2024:3786-1
Container Tags        : containers/apache-tomcat:10-jre21 , containers/apache-tomcat:10-jre21-43.1 , containers/apache-tomcat:10.1-jre21 , containers/apache-tomcat:10.1-jre21-43.1 , containers/apache-tomcat:10.1.25-jre21 , containers/apache-tomcat:10.1.25-jre21-43.1
Container Release     : 43.1
Severity              : important
Type                  : security
References            : 1154884 1154887 1175825 1180138 1197771 1227888 1228535 CVE-2019-12290 CVE-2019-18224 CVE-2020-8927 CVE-2024-6197 CVE-2024-7264
-----------------------------------------------------------------

The container containers/apache-tomcat was updated. The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2019:3086-1
Released:    Thu Nov 28 10:02:24 2019
Summary:     Security update for libidn2
Type:        security
Severity:    moderate
References:  1154884,1154887,CVE-2019-12290,CVE-2019-18224

This update for libidn2 to version 2.2.0 fixes the following issues:

- CVE-2019-12290: Fixed an improper round-trip check when converting A-labels to U-labels (bsc#1154884).
- CVE-2019-18224: Fixed a heap-based buffer overflow that was caused by long domain strings (bsc#1154887).

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2020:3942-1
Released:    Tue Dec 29 12:22:01 2020
Summary:     Recommended update for libidn2
Type:        recommended
Severity:    moderate
References:  1180138

This update for libidn2 fixes the following issues:

- The library is actually dual licensed, GPL-2.0-or-later or LGPL-3.0-or-later, adjusted the RPM license tags (bsc#1180138)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2021:3942-1
Released:    Mon Dec 6 14:46:05 2021
Summary:     Security update for brotli
Type:        security
Severity:    moderate
References:  1175825,CVE-2020-8927

This update for brotli fixes the following issues:

- CVE-2020-8927: Fixed integer overflow when input chunk is larger than 2GiB (bsc#1175825).

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:1658-1
Released:    Fri May 13 15:40:20 2022
Summary:     Recommended update for libpsl
Type:        recommended
Severity:    important
References:  1197771

This update for libpsl fixes the following issues:

- Fix libpsl compilation issues (bsc#1197771)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2024:2784-1
Released:    Tue Aug 6 14:58:38 2024
Summary:     Security update for curl
Type:        security
Severity:    important
References:  1227888,1228535,CVE-2024-6197,CVE-2024-7264

This update for curl fixes the following issues:

- CVE-2024-7264: Fixed ASN.1 date parser overread (bsc#1228535)
- CVE-2024-6197: Fixed freeing stack buffer in utf8asn1str (bsc#1227888)

The following package changes have been done:

- libldap-data-2.4.46-150600.23.21 added
- libssh-config-0.9.8-150600.9.1 added
- libzstd1-1.5.5-150600.1.3 added
- libsasl2-3-2.1.28-150600.5.3 added
- libnghttp2-14-1.40.0-150600.23.2 added
- libbrotlicommon1-1.0.7-3.3.1 added
- libbrotlidec1-1.0.7-3.3.1 added
- libunistring2-0.9.10-1.1 added
- libidn2-0-2.2.0-3.6.1 added
- libpsl5-0.20.1-150000.3.3.1 added
- libldap-2_4-2-2.4.46-150600.23.21 added
- libssh4-0.9.8-150600.9.1 added
- libcurl4-8.6.0-150600.4.3.1 added
- sed-4.9-150600.1.4 added
- curl-8.6.0-150600.4.3.1 added
- container:micro-image-15.6.0-47.11.7 added
- container:sles15-image-15.6.0-47.11.7 updated
- apache-commons-collections-3.2.2-150200.13.6.4 removed
- apache-commons-daemon-1.3.4-150200.11.14.1 removed
- apache-commons-dbcp-2.1.1-150200.10.8.1 removed
- apache-commons-jexl-2.1.1-150200.3.8.1 removed
- apache-commons-logging-1.2-150200.11.6.4 removed
- apache-commons-pool2-2.4.2-150200.11.8.1 removed
- cglib-3.3.0-150200.3.6.5 removed
- ecj-4.23-150200.3.12.1 removed
- file-5.32-7.14.1 removed
- fontconfig-2.14.2-150600.1.3 removed
- geronimo-jta-1_1-api-1.2-150200.15.8.1 removed
- jakarta-servlet-5.0.0-150200.5.5.1 removed
- java-21-openjdk-21.0.4.0-150600.3.3.1 removed
- java-21-openjdk-headless-21.0.4.0-150600.3.3.1 removed
- javapackages-filesystem-6.2.0-150200.3.12.1 removed
- javapackages-tools-6.2.0-150200.3.12.1 removed
- libX11-6-1.8.7-150600.1.2 removed
- libX11-data-1.8.7-150600.1.2 removed
- libXau6-1.0.8-1.26 removed
- libXext6-1.3.3-1.30 removed
- libXi6-1.7.9-3.2.1 removed
- libXrender1-0.9.10-1.30 removed
- libXtst6-1.2.3-1.24 removed
- libapr1-1.6.3-3.3.8 removed
- libasound2-1.2.10-150600.2.3 removed
- libexpat1-2.4.4-150400.3.17.1 removed
- libfontconfig1-2.14.2-150600.1.3 removed
- libfreebl3-3.101.2-150400.3.48.1 removed
- libfreetype6-2.10.4-150000.4.15.1 removed
- libgif7-5.2.2-150000.4.13.1 removed
- libjitterentropy3-3.4.1-150000.1.12.1 removed
- libjpeg8-8.2.2-150600.22.5 removed
- liblcms2-2-2.15-150600.1.5 removed
- libopenssl1_1-1.1.1w-150600.5.3.1 removed
- libpcsclite1-1.9.4-150400.3.2.1 removed
- libpng16-16-1.6.40-150600.1.3 removed
- libsoftokn3-3.101.2-150400.3.48.1 removed
- libtcnative-1-0-1.2.38-150600.14.2 removed
- libxcb1-1.13-150000.3.11.1 removed
- libxslt-tools-1.1.34-150400.3.3.1 removed
- libxslt1-1.1.34-150400.3.3.1 removed
- logrotate-3.18.1-150400.3.7.1 removed
- mozilla-nspr-4.35-150000.3.29.1 removed
- mozilla-nss-3.101.2-150400.3.48.1 removed
- mozilla-nss-certs-3.101.2-150400.3.48.1 removed
- objectweb-asm-9.7-150200.3.15.2 removed
- tomcat10-10.1.25-150200.5.25.1 removed
- tomcat10-el-5_0-api-10.1.25-150200.5.25.1 removed
- tomcat10-jsp-3_1-api-10.1.25-150200.5.25.1 removed
- tomcat10-lib-10.1.25-150200.5.25.1 removed
- tomcat10-servlet-6_0-api-10.1.25-150200.5.25.1 removed
- update-alternatives-1.19.0.4-150000.4.4.1 removed
- xz-5.4.1-150600.1.2 removed