Bug 794548 - (CVE-2012-4534) VUL-0: CVE-2012-4534: tomcat: denial of service (High CPU load in the NIO connector, when a client breaks connection unexpectedly (apache.org bug 52858))
Status: RESOLVED FIXED
Classification: Novell Products
Product: SUSE Security Incidents
Component: Incidents
unspecified
Other SLES 11
: P2 - High : Major
: ---
Assigned To: Security Team bot
Security Team bot
maint:running:50301:moderate maint:re...
: DSLA_REQUIRED
Depends on:
Blocks:
Reported: 2012-12-14 12:56 UTC by Emmanuel Rouët
Modified: 2014-07-17 09:42 UTC

See Also:
Found By: Customer
Services Priority: 300
Business Priority: 300
Blocker: ---
Marketing QA Status: ---
IT Deployment: ---


Description Emmanuel Rouët 2012-12-14 12:56:10 UTC
Could the Tomcat packages in future releases of SLES have the fix from the following bug?
https://issues.apache.org/bugzilla/show_bug.cgi?id=52858
Comment 1 Michal Vyskocil 2012-12-14 20:20:52 UTC
(In reply to comment #0)
> Could the Tomcat packages in future releases of SLES have the fix from the
> following bug?
> https://issues.apache.org/bugzilla/show_bug.cgi?id=52858

Does the affected customer have L3 support? I would say tomcat6 is now L3 supported in SLE.
Comment 2 Michal Vyskocil 2012-12-18 08:50:31 UTC
Hello Emmanuel, can you provide such information? Without knowing if any customer is affected, I cannot set up a proper priority.
Comment 3 Emmanuel Rouët 2012-12-18 10:31:48 UTC
(In reply to comment #1)
> Does the affected customer have L3 support? I would say tomcat6 is now L3
> supported in SLE.

Yes, they are L3-entitled, as a PSE customer.
Comment 12 Bernhard Wiedemann 2013-01-02 14:00:09 UTC
This is an autogenerated message for OBS integration:
This bug (794548) was mentioned in
https://build.opensuse.org/request/show/146817 Maintenance /
Comment 13 Michal Vyskocil 2013-01-02 14:49:29 UTC
sent fixed packages

tomcat7:
  12.2: 146817
  factory: not needed

tomcat6 (with refreshed CVE-2012-4431.patch):
  12.1:  146828
  sle11: 23294

tomcat5 / not needed
Comment 14 Bernhard Wiedemann 2013-01-02 15:00:09 UTC
This is an autogenerated message for OBS integration:
This bug (794548) was mentioned in
https://build.opensuse.org/request/show/146828 Maintenance /
Comment 15 Bernhard Wiedemann 2013-01-09 16:00:13 UTC
This is an autogenerated message for OBS integration:
This bug (794548) was mentioned in
https://build.opensuse.org/request/show/147786 Maintenance /
Comment 16 Swamp Workflow Management 2013-02-01 11:50:04 UTC
Update released for: tomcat6, tomcat6-admin-webapps, tomcat6-docs-webapp, tomcat6-javadoc, tomcat6-jsp-2_1-api, tomcat6-lib, tomcat6-servlet-2_5-api, tomcat6-webapps
Products:
SLE-SERVER 11-SP1-TERADATA (x86_64)
SUSE-MANAGER 1.2 (x86_64)
Comment 17 Swamp Workflow Management 2013-02-01 12:33:12 UTC
Update released for: tomcat6, tomcat6-admin-webapps, tomcat6-docs-webapp, tomcat6-javadoc, tomcat6-jsp-2_1-api, tomcat6-lib, tomcat6-servlet-2_5-api, tomcat6-webapps
Products:
SLE-SERVER 11-SP2 (i386, ia64, ppc64, s390x, x86_64)
SLES4VMWARE 11-SP2 (i386, x86_64)
Comment 19 Bernhard Wiedemann 2013-08-28 06:01:22 UTC
This is an autogenerated message for OBS integration:
This bug (794548) was mentioned in
https://build.opensuse.org/request/show/196597 Evergreen:11.2 / tomcat6
Comment 20 Bernhard Wiedemann 2013-09-11 06:02:11 UTC
This is an autogenerated message for OBS integration:
This bug (794548) was mentioned in
https://build.opensuse.org/request/show/198409 Evergreen:11.2 / tomcat6