Chapter 4. Security Fixes

This update includes fixes for the following security-related issues:

| ID | Impact | Summary |
| --- | --- | --- |
| CVE-2018-5407 | Moderate | openssl: Side-channel vulnerability on SMT/Hyper-Threading architectures (PortSmash) |
| CVE-2019-0199 | Important | tomcat: Apache Tomcat HTTP/2 DoS |
| CVE-2019-0221 | Low | XSS in SSI printenv |
| CVE-2019-0232 | Important | tomcat: Remote Code Execution on Windows |
| CVE-2019-1559 | Moderate | openssl: 0-byte record padding oracle |
| CVE-2019-10072 | Moderate | tomcat: HTTP/2 connection window exhaustion on write, incomplete fix of CVE-2019-0199 |