Affected Products: SUSE Linux Enterprise Server 12-SP1 ______________________________________________________________________________
An update that fixes three vulnerabilities is now available.
This update for tomcat fixes the following issues:
- CVE-2017-5647 Pipelined requests could lead to information disclosure (bsc#1033448) - CVE-2017-5648 Untrusted application could retain listener leading to information disclosure (bsc#1033447) - CVE-2016-8745 shared Processor on Connector code could lead to information disclosure (bsc#1015119)
To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product:
- SUSE Linux Enterprise Server 12-SP1:
zypper in -t patch SUSE-SLE-SERVER-12-SP1-2017-848=1
To bring your system up-to-date, use "zypper patch".