Updated tomcat packages fix security vulnerabilityPublication date: 10 Jan 2021
Affected Mageia releases : 7
While investigating Apache issue 64830 it was discovered that Apache Tomcat could re-use an HTTP request header value from the previous stream received on an HTTP/2 connection for the request associated with the subsequent stream. While this would most likely lead to an error and the closure of the HTTP/2 connection, it is possible that information could leak between requests (CVE-2020-17527). The tomcat package has been updated to version 9.0.39, and patched to fix this issue.