openSUSE Security Update : tomcat (openSUSE-SU-2013:1306-1)
Medium Nessus Plugin ID 75106
Synopsis
The remote openSUSE host is missing a security update.
Description
Tomcat was updated to fix two security issues:
CVE-2013-1976: Avoid a potential symlink race during startup of the tomcat server, where a local attacker who gained access to the tomcat chroot could escalate privileges to root.
java/org/apache/catalina/core/AsyncContextImpl.java in Apache Tomcat 7.x did not properly handle the throwing of a RuntimeException in an AsyncListener in an application, which allows context-dependent attackers to obtain sensitive request information intended for other applications in opportunistic circumstances via an application that records the requests that it processes.
Solution
Update the affected tomcat packages.