Bug 1203868 - (CVE-2021-43980) VUL-0: CVE-2021-43980: tomcat,tomcat6: Information disclosure
Status: IN_PROGRESS
Classification: Novell Products
Product: SUSE Security Incidents
Component: Incidents
Version: unspecified
Hardware: Other
OS: Other
Priority: P3 - Medium
Severity: Normal
Target Milestone: ---
Assigned To: Michele Bussolotto
QA Contact: Security Team bot
URL: https://smash.suse.de/issue/343748/
Whiteboard: CVSSv3.1:SUSE:CVE-2021-43980:5.9:(AV:...
Reported: 2022-09-29 07:30 UTC by Thomas Leroy
Modified: 2023-01-18 12:06 UTC
Found By: Security Response Team
Description Thomas Leroy 2022-09-29 07:30:02 UTC
rh#2130599

The simplified implementation of blocking reads and writes introduced in Tomcat
10 and back-ported to Tomcat 9.0.47 onwards exposed a long standing (but
extremely hard to trigger) concurrency bug in Apache Tomcat 10.1.0 to
10.1.0-M12, 10.0.0-M1 to 10.0.18, 9.0.0-M1 to 9.0.60 and 8.5.0 to 8.5.77 that
could cause client connections to share an Http11Processor instance resulting in
responses, or part responses, to be received by the wrong client.

Upstream fix for 9.X:
https://github.com/apache/tomcat/commit/170e0f792bd18ff031677890ba2fe50eb7a376c1

References:
https://bugzilla.redhat.com/show_bug.cgi?id=2130599
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-43980
https://seclists.org/oss-sec/2022/q3/238
http://www.openwall.com/lists/oss-security/2022/09/28/1
https://www.cve.org/CVERecord?id=CVE-2021-43980
https://lists.apache.org/thread/3jjqbsp6j88b198x5rmg99b1qr8ht3g3
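An added example (not part of this bug report, and not SUSE or Apache Tomcat project code) showing how a defender can turn the version information above into a check. It encodes the upstream affected ranges exactly as the description states them (10.1.0-M1 to 10.1.0-M12, 10.0.0-M1 to 10.0.18, 9.0.0-M1 to 9.0.60, 8.5.0 to 8.5.77) and the fixed SUSE source package versions quoted in the update comments further down (tomcat-9.0.36-3.90.1, -150000.3.101.2, -150100.4.81.1). The `rpmvercmp` function is a simplified reimplementation of rpm's segment comparison, written here for the example; the product-to-package mapping covers only the three products named in those comments.

```python
"""Version checks for CVE-2021-43980 (Tomcat Http11Processor sharing).

Added example, not code from the bug report. Upstream affected ranges come
from the bug description; SUSE fixed package versions from the SUSE-SU
comments on the same bug.
"""
import re

# Upstream affected ranges, inclusive, as quoted in the description.
AFFECTED_RANGES = [
    ("10.1.0-M1", "10.1.0-M12"),
    ("10.0.0-M1", "10.0.18"),
    ("9.0.0-M1", "9.0.60"),
    ("8.5.0", "8.5.77"),
]

_TOMCAT_VERSION_RE = re.compile(r"^(\d+)\.(\d+)\.(\d+)(?:-M(\d+))?$")


def parse_tomcat_version(v):
    """Return a sortable tuple (major, minor, patch, rank, milestone).

    A milestone build such as 10.0.0-M1 precedes the final 10.0.0 release,
    so milestones get rank 0 and final releases rank 1.
    """
    m = _TOMCAT_VERSION_RE.match(v.strip())
    if not m:
        raise ValueError(f"unrecognised Tomcat version: {v!r}")
    major, minor, patch, milestone = m.groups()
    if milestone is None:
        return (int(major), int(minor), int(patch), 1, 0)
    return (int(major), int(minor), int(patch), 0, int(milestone))


def is_affected_upstream(v):
    """True if an upstream Tomcat version falls inside an affected range."""
    key = parse_tomcat_version(v)
    return any(parse_tomcat_version(lo) <= key <= parse_tomcat_version(hi)
               for lo, hi in AFFECTED_RANGES)


def _rpm_segments(s):
    # rpm compares alternating numeric and alphabetic runs; separators are
    # ignored. Tilde/caret handling is omitted in this simplified version.
    return re.findall(r"\d+|[a-zA-Z]+", s)


def rpmvercmp(a, b):
    """Simplified rpm version comparison: -1 if a < b, 0 if equal, 1 if a > b."""
    sa, sb = _rpm_segments(a), _rpm_segments(b)
    for x, y in zip(sa, sb):
        xnum, ynum = x.isdigit(), y.isdigit()
        if xnum and ynum:
            if int(x) != int(y):
                return 1 if int(x) > int(y) else -1
        elif xnum != ynum:
            return 1 if xnum else -1  # numeric segments sort after alphabetic
        elif x != y:
            return 1 if x > y else -1
    if len(sa) != len(sb):
        return 1 if len(sa) > len(sb) else -1  # more segments left wins
    return 0


# Fixed source package version-release strings quoted in the SUSE update
# comments. The upstream version stays 9.0.36; only the release moves.
FIXED_SUSE_PACKAGES = {
    "SUSE Linux Enterprise Server 12-SP5": "9.0.36-3.90.1",
    "SUSE Linux Enterprise Server 15-LTSS": "9.0.36-150000.3.101.2",
    "SUSE Linux Enterprise Server 15-SP1-LTSS": "9.0.36-150100.4.81.1",
}


def suse_package_fixed(product, installed_vr):
    """True if the installed tomcat version-release is at or above the fix."""
    fixed_v, fixed_r = FIXED_SUSE_PACKAGES[product].rsplit("-", 1)
    inst_v, inst_r = installed_vr.rsplit("-", 1)
    c = rpmvercmp(inst_v, fixed_v)
    if c == 0:
        c = rpmvercmp(inst_r, fixed_r)
    return c >= 0


if __name__ == "__main__":
    for v in ("9.0.60", "9.0.61", "10.1.0-M12", "10.1.0", "8.5.77"):
        print(f"upstream {v:10} affected={is_affected_upstream(v)}")
    # Constructed value: the version string `rpm -q --qf '%{VERSION}-%{RELEASE}' tomcat`
    # would print on a patched SLES 15-LTSS host.
    print(suse_package_fixed("SUSE Linux Enterprise Server 15-LTSS",
                             "9.0.36-150000.3.101.2"))
```

The two checks deliberately disagree on a patched SUSE host: `is_affected_upstream("9.0.36")` is true, because SUSE backports the fix without bumping the upstream version, while `suse_package_fixed` reports the package as fixed once its release reaches the one in the advisory. Scanners that only read the Tomcat version banner will keep flagging such hosts; the package version-release is the value to compare.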
Comment 1 Thomas Leroy 2022-09-29 07:30:46 UTC
Affected:
- openSUSE:Factory
- SUSE:SLE-12-SP4:Update
- SUSE:SLE-15:Update
- SUSE:SLE-15-SP1:Update
- SUSE:SLE-15-SP2:Update
Comment 3 Michele Bussolotto 2022-10-19 04:55:38 UTC
I'm on it. I'll try to provide a fix soon.
Comment 5 Michele Bussolotto 2022-10-21 07:35:15 UTC
MRs and SR opened:
 - openSUSE:Factory https://build.opensuse.org/request/show/1030223
 - SUSE:SLE-12-SP4:Update https://build.suse.de/request/show/282894
 - SUSE:SLE-15:Update https://build.suse.de/request/show/282866
 - SUSE:SLE-15-SP1:Update https://build.suse.de/request/show/282857
 - SUSE:SLE-15-SP2:Update https://build.suse.de/request/show/282856
Comment 6 Swamp Workflow Management 2022-11-16 14:25:42 UTC
SUSE-SU-2022:4009-1: An update that fixes one vulnerability is now available.

Category: security (moderate)
Bug References: 1203868
CVE References: CVE-2021-43980
JIRA References: 
Sources used:
SUSE Linux Enterprise Server 12-SP5 (src):    tomcat-9.0.36-3.90.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 9 Swamp Workflow Management 2022-11-25 14:22:06 UTC
SUSE-SU-2022:4221-1: An update that fixes two vulnerabilities is now available.

Category: security (important)
Bug References: 1203868,1204918
CVE References: CVE-2021-43980,CVE-2022-42252
JIRA References: 
Sources used:
SUSE Linux Enterprise Server for SAP 15 (src):    tomcat-9.0.36-150000.3.101.2
SUSE Linux Enterprise Server 15-LTSS (src):    tomcat-9.0.36-150000.3.101.2
SUSE Linux Enterprise High Performance Computing 15-LTSS (src):    tomcat-9.0.36-150000.3.101.2
SUSE Linux Enterprise High Performance Computing 15-ESPOS (src):    tomcat-9.0.36-150000.3.101.2
Comment 10 Swamp Workflow Management 2022-11-28 17:23:45 UTC
SUSE-SU-2022:4257-1: An update that fixes two vulnerabilities is now available.

Category: security (important)
Bug References: 1203868,1204918
CVE References: CVE-2021-43980,CVE-2022-42252
JIRA References: 
Sources used:
SUSE Linux Enterprise Server for SAP 15-SP1 (src):    tomcat-9.0.36-150100.4.81.1
SUSE Linux Enterprise Server 15-SP1-LTSS (src):    tomcat-9.0.36-150100.4.81.1
SUSE Linux Enterprise Server 15-SP1-BCL (src):    tomcat-9.0.36-150100.4.81.1
SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (src):    tomcat-9.0.36-150100.4.81.1
SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS (src):    tomcat-9.0.36-150100.4.81.1
SUSE Enterprise Storage 6 (src):    tomcat-9.0.36-150100.4.81.1
SUSE CaaS Platform 4.0 (src):    tomcat-9.0.36-150100.4.81.1