[ALSA-2025:7497] Moderate: tomcat security update
Type:
security
Severity:
moderate
Release date:
2025-07-02
Description:
Apache Tomcat is a servlet container for the Java Servlet and JavaServer Pages (JSP) technologies. Security Fix(es): * tomcat: Apache Tomcat: Authentication bypass when using Jakarta Authentication API (CVE-2024-52316) * tomcat: Apache Tomcat: DoS in examples web application (CVE-2024-54677) * tomcat: Potential RCE and/or information disclosure and/or information corruption with partial PUT (CVE-2025-24813) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
References:
Updated packages listed below:
Architecture Package Checksum
noarch tomcat-webapps-10.1.36-1.el10_0.noarch.rpm 682605cafa9b7e186e4df4817f9a73e5a5cdeee241b4d37a6c2a05931ec063c9
noarch tomcat-lib-10.1.36-1.el10_0.noarch.rpm 7f26a0dd4e3b27353200bb5fceb97a24589de854d2b6487703652a54fc2762a8
noarch tomcat-admin-webapps-10.1.36-1.el10_0.noarch.rpm 81fb1786c342a295dc1658ad036603afc58f45207b9f8fa70331434990e2547a
noarch tomcat-el-5.0-api-10.1.36-1.el10_0.noarch.rpm 9a1faab42410519a576de15d8fd0e7ee811e637bc4ef7a9680696cffe37d0a2e
noarch tomcat-docs-webapp-10.1.36-1.el10_0.noarch.rpm aa2e8940747c61d410b95fa290e739d92f12bb8355f75cbc728b7fe0bc07a37a
noarch tomcat-servlet-6.0-api-10.1.36-1.el10_0.noarch.rpm b061109bc255ff0bcf7fb962103896ed71afbbf5354f445fec6dabd962cafb9f
noarch tomcat-10.1.36-1.el10_0.noarch.rpm c537f204e675fb99f007abe17e83de5cdfff94e2aa39ac4c96218794a1c9487f
noarch tomcat-jsp-3.1-api-10.1.36-1.el10_0.noarch.rpm d274238c3adfe7b418bfaa6b5f9c672bb2116e388e0804063bb76ef5b75507b7
Notes:
This page is generated automatically from Red Hat security data and has not been checked for errors. For clarification or corrections please contact the AlmaLinux Packaging Team.