regarding CVE-2020-8022 applicable to tomcat 8.5.57

Previous Topic Next Topic
 
classic Classic list List threaded Threaded
3 messages Options
Reply | Threaded
Open this post in threaded view
|

regarding CVE-2020-8022 applicable to tomcat 8.5.57

Rathore, Rajendra

Hi Team,

Please let me know whether CVE-2020-8022 applicable to tomcat 8.5.57 or not, if yes please let me know which release we fixing it.

Thanks and Regards,
Rajendra Rathore
9922701491

Reply | Threaded
Open this post in threaded view
|

Re: regarding CVE-2020-8022 applicable to tomcat 8.5.57

Olaf Kock

On 02.09.20 10:16, Rathore, Rajendra wrote:
> Please let me know whether CVE-2020-8022 applicable to tomcat 8.5.57 or not, if yes please let me know which release we fixing it.


The CVE states:

"A Incorrect Default Permissions vulnerability in the *packaging of
tomcat* on SUSE Enterprise Storage 5"

i.e. it's rather SUSE's packaging than tomcat itself. Correct me if I'm
wrong.

If you're running any SUSE system, here are the releases that *they*
fixed it: https://www.suse.com/de-de/security/cve/CVE-2020-8022/

I don't expect any update from the generic Apache distribution of Tomcat
for this CVE, unless I've missed some information that was well hidden
in the multitude of mentioned SUSE products in that report.

Olaf



---------------------------------------------------------------------
To unsubscribe, e-mail: [hidden email]
For additional commands, e-mail: [hidden email]

Reply | Threaded
Open this post in threaded view
|

Re: regarding CVE-2020-8022 applicable to tomcat 8.5.57

markt
On 02/09/2020 09:28, Olaf Kock wrote:

>
> On 02.09.20 10:16, Rathore, Rajendra wrote:
>> Please let me know whether CVE-2020-8022 applicable to tomcat 8.5.57 or not, if yes please let me know which release we fixing it.
>
>
> The CVE states:
>
> "A Incorrect Default Permissions vulnerability in the *packaging of
> tomcat* on SUSE Enterprise Storage 5"
>
> i.e. it's rather SUSE's packaging than tomcat itself. Correct me if I'm
> wrong.
>
> If you're running any SUSE system, here are the releases that *they*
> fixed it: https://www.suse.com/de-de/security/cve/CVE-2020-8022/
>
> I don't expect any update from the generic Apache distribution of Tomcat
> for this CVE, unless I've missed some information that was well hidden
> in the multitude of mentioned SUSE products in that report.

Correct. This is a SUSE issue, not a Tomcat issue.

Mark

---------------------------------------------------------------------
To unsubscribe, e-mail: [hidden email]
For additional commands, e-mail: [hidden email]