{"affected":[{"ecosystem_specific":{"binaries":[{"tomcat":"8.0.43-29.5.1","tomcat-admin-webapps":"8.0.43-29.5.1","tomcat-docs-webapp":"8.0.43-29.5.1","tomcat-el-3_0-api":"8.0.43-29.5.1","tomcat-javadoc":"8.0.43-29.5.1","tomcat-jsp-2_3-api":"8.0.43-29.5.1","tomcat-lib":"8.0.43-29.5.1","tomcat-servlet-3_1-api":"8.0.43-29.5.1","tomcat-webapps":"8.0.43-29.5.1"}]},"package":{"ecosystem":"SUSE:Linux Enterprise Server for Raspberry Pi 12 SP2","name":"tomcat","purl":"pkg:rpm/suse/tomcat&distro=SUSE%20Linux%20Enterprise%20Server%20for%20Raspberry%20Pi%2012%20SP2"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"8.0.43-29.5.1"}],"type":"ECOSYSTEM"}]},{"ecosystem_specific":{"binaries":[{"tomcat":"8.0.43-29.5.1","tomcat-admin-webapps":"8.0.43-29.5.1","tomcat-docs-webapp":"8.0.43-29.5.1","tomcat-el-3_0-api":"8.0.43-29.5.1","tomcat-javadoc":"8.0.43-29.5.1","tomcat-jsp-2_3-api":"8.0.43-29.5.1","tomcat-lib":"8.0.43-29.5.1","tomcat-servlet-3_1-api":"8.0.43-29.5.1","tomcat-webapps":"8.0.43-29.5.1"}]},"package":{"ecosystem":"SUSE:Linux Enterprise Server 12 SP2","name":"tomcat","purl":"pkg:rpm/suse/tomcat&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP2"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"8.0.43-29.5.1"}],"type":"ECOSYSTEM"}]},{"ecosystem_specific":{"binaries":[{"tomcat":"8.0.43-29.5.1","tomcat-admin-webapps":"8.0.43-29.5.1","tomcat-docs-webapp":"8.0.43-29.5.1","tomcat-el-3_0-api":"8.0.43-29.5.1","tomcat-javadoc":"8.0.43-29.5.1","tomcat-jsp-2_3-api":"8.0.43-29.5.1","tomcat-lib":"8.0.43-29.5.1","tomcat-servlet-3_1-api":"8.0.43-29.5.1","tomcat-webapps":"8.0.43-29.5.1"}]},"package":{"ecosystem":"SUSE:Linux Enterprise Server for SAP Applications 12 SP2","name":"tomcat","purl":"pkg:rpm/suse/tomcat&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP2"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"8.0.43-29.5.1"}],"type":"ECOSYSTEM"}]},{"ecosystem_specific":{"binaries":[{"tomcat":"8.0.43-29.5.1","tomcat-admin-webapps":"8.0.43-29.5.1","tomcat-docs-webapp":"8.0.43-29.5.1","tomcat-el-3_0-api":"8.0.43-29.5.1","tomcat-javadoc":"8.0.43-29.5.1","tomcat-jsp-2_3-api":"8.0.43-29.5.1","tomcat-lib":"8.0.43-29.5.1","tomcat-servlet-3_1-api":"8.0.43-29.5.1","tomcat-webapps":"8.0.43-29.5.1"}]},"package":{"ecosystem":"SUSE:Linux Enterprise Server 12 SP3","name":"tomcat","purl":"pkg:rpm/suse/tomcat&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP3"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"8.0.43-29.5.1"}],"type":"ECOSYSTEM"}]},{"ecosystem_specific":{"binaries":[{"tomcat":"8.0.43-29.5.1","tomcat-admin-webapps":"8.0.43-29.5.1","tomcat-docs-webapp":"8.0.43-29.5.1","tomcat-el-3_0-api":"8.0.43-29.5.1","tomcat-javadoc":"8.0.43-29.5.1","tomcat-jsp-2_3-api":"8.0.43-29.5.1","tomcat-lib":"8.0.43-29.5.1","tomcat-servlet-3_1-api":"8.0.43-29.5.1","tomcat-webapps":"8.0.43-29.5.1"}]},"package":{"ecosystem":"SUSE:Linux Enterprise Server for SAP Applications 12 SP3","name":"tomcat","purl":"pkg:rpm/suse/tomcat&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP3"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"8.0.43-29.5.1"}],"type":"ECOSYSTEM"}]}],"aliases":[],"details":"This update for tomcat fixes the following issues:\n\nSecurity issues fixed:\n\n- CVE-2017-5664: A problem in handling error pages was fixed, to avoid potential file overwrites during error page handling. (bsc#1042910).\n- CVE-2017-7674: A CORS Filter issue could lead to client and server side cache poisoning (bsc#1053352)\n- CVE-2017-12617: A remote code execution possibility via JSP Upload was fixed (bsc#1059554)\n\n\nNon security bugs fixed:\n\n- Fix tomcat-digest classpath error (bsc#977410) \n- Fix packaged /etc/alternatives symlinks for api libs that caused\n  rpm -V to report link mismatch (bsc#1019016)\n","id":"SUSE-SU-2017:3039-1","modified":"2017-11-22T08:33:59Z","published":"2017-11-22T08:33:59Z","references":[{"type":"ADVISORY","url":"https://www.suse.com/support/update/announcement/2017/suse-su-20173039-1/"},{"type":"REPORT","url":"https://bugzilla.suse.com/1019016"},{"type":"REPORT","url":"https://bugzilla.suse.com/1042910"},{"type":"REPORT","url":"https://bugzilla.suse.com/1053352"},{"type":"REPORT","url":"https://bugzilla.suse.com/1059554"},{"type":"REPORT","url":"https://bugzilla.suse.com/977410"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2017-12617"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2017-5664"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2017-7674"}],"related":["CVE-2017-12617","CVE-2017-5664","CVE-2017-7674"],"summary":"Security update for tomcat","upstream":["CVE-2017-12617","CVE-2017-5664","CVE-2017-7674"]}