Security update for tomcat
This update for tomcat to version 9.0.21 fixes the following issues:
Security issues fixed:
- CVE-2019-0199: Fixed a denial of service in the HTTP/2 implementation related to
streams with excessive numbers of SETTINGS frames (bsc#1131055).
- CVE-2019-0221: Fixed a cross site scripting vulnerability with the SSI printenv command (bsc#1136085).
Non-security issues fixed:
- Increase maximum number of threads and open files for tomcat (bsc#1111966).
This update was imported from the SUSE:SLE-15-SP1:Update update project.
-
Submitted by
Matei Albu (mateialbu)
Fixed bugs
bnc#1136085
VUL-0: CVE-2019-0221: tomcat: XSS in SSI printenv
bnc#1111966
hanging SUSE Manager gui due to lack of open files
bnc#1131055
VUL-0: CVE-2019-0199: tomcat: Apache Tomcat HTTP/2 DoS
