ALSA-2025:23050

[ALSA-2025:23050] Important: tomcat security update

Type:

security

Severity:

important

Release date:

2025-12-17

Description:

Apache Tomcat is a servlet container for the Java Servlet and JavaServer Pages (JSP) technologies.  

Security Fix(es):  

  * tomcat: Apache Tomcat: Bypass of rules in Rewrite Valve (CVE-2025-31651)
  * tomcat: org.apache.tomcat/tomcat-catalina: Apache Tomcat: Denial of service (CVE-2025-61795)
  * tomcat: org.apache.tomcat/tomcat-catalina: Apache Tomcat: Directory traversal via rewrite with possible RCE (CVE-2025-55752)


For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

References:

Updated packages listed below:

Architecture	Package	Checksum
noarch	tomcat-jsp-3.1-api-10.1.36-3.el10_1.1.noarch.rpm	01dada388b365d0eb45976174f1471e01a1ee8284359bbcae29bb412878121f5
noarch	tomcat-10.1.36-3.el10_1.1.noarch.rpm	07a55d764e26d9e004d70fc379fef7418209de1477face99db96b619960aa7d6
noarch	tomcat-admin-webapps-10.1.36-3.el10_1.1.noarch.rpm	21f3f37c3745d8423496c727fcb04f0a8fa2ad26004e198354ce33048b22ba8a
noarch	tomcat-servlet-6.0-api-10.1.36-3.el10_1.1.noarch.rpm	29a540da8e70157a499d70f2c3096c7a71c293bf352100e44e8968ff05af0205
noarch	tomcat-webapps-10.1.36-3.el10_1.1.noarch.rpm	29dabddd6a274fa0409110a277087f21f2967f7b066c8597e7bddd8dbaba1ab8
noarch	tomcat-el-5.0-api-10.1.36-3.el10_1.1.noarch.rpm	5a868b537dc45b4c0aadf3689d391d23076c36eef971fc36b61f0280ee5be2e3
noarch	tomcat-lib-10.1.36-3.el10_1.1.noarch.rpm	98d17d674d7a9f674cc2c4b857bce28c7c7b538392c8cb496bdcd26e3de8c761
noarch	tomcat-docs-webapp-10.1.36-3.el10_1.1.noarch.rpm	a860665fa635eac62ac3410f7015395051c79855afd2d87fcbbfed263a2fe7db

Notes:

This page is generated automatically from Red Hat security data and has not been checked for errors. For clarification or corrections please contact the AlmaLinux Packaging Team.