openSUSE Recommended Update: Recommended update for tomcat ______________________________________________________________________________ Announcement ID: openSUSE-RU-2020:0591-1 Rating: moderate References: #1161083 #1167438 Affected Products: openSUSE Leap 15.1 ______________________________________________________________________________ An update that has two recommended fixes can now be installed. Description: This update for tomcat fixes the following issue: Update from Tomcat 9.0.31 to Tomcat 9.0.33. - Regression in HTTP header parsing. (bsc#1167438) The update improves the validation of the HTTP header parsing causing requests to be incorrectly treated as invalid if a CRLF sequence was split between TCP packets. Has been also improved the validation of request lines, including for HTTP/0.9 requests. - Fix NoSuchMethodError in the HTTP APR connector when using openjdk 1.8. (bsc#1161083) This update was imported from the SUSE:SLE-15-SP1:Update update project. Patch Instructions: To install this openSUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 15.1: zypper in -t patch openSUSE-2020-591=1 Package List: - openSUSE Leap 15.1 (noarch): tomcat-9.0.33-lp151.3.15.1 tomcat-admin-webapps-9.0.33-lp151.3.15.1 tomcat-docs-webapp-9.0.33-lp151.3.15.1 tomcat-el-3_0-api-9.0.33-lp151.3.15.1 tomcat-embed-9.0.33-lp151.3.15.1 tomcat-javadoc-9.0.33-lp151.3.15.1 tomcat-jsp-2_3-api-9.0.33-lp151.3.15.1 tomcat-jsvc-9.0.33-lp151.3.15.1 tomcat-lib-9.0.33-lp151.3.15.1 tomcat-servlet-4_0-api-9.0.33-lp151.3.15.1 tomcat-webapps-9.0.33-lp151.3.15.1 References: https://bugzilla.suse.com/1161083 https://bugzilla.suse.com/1167438