ALSA-2023:5928

[ALSA-2023:5928] Important: tomcat security update

Type:

security

Severity:

important

Release date:

2023-10-20

Description:

Apache Tomcat is a servlet container for the Java Servlet and JavaServer Pages (JSP) technologies.

Security Fix(es):

* HTTP/2: Multiple HTTP/2 enabled web servers are vulnerable to a DDoS attack (Rapid Reset Attack) (CVE-2023-44487)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

References:

Updated packages listed below:

Architecture	Package	Checksum
noarch	tomcat-docs-webapp-9.0.62-5.el8_8.2.noarch.rpm	51c075fe41c26e3d8d8e799baa45d4ece2219a3d62886ac2365cf4dcb46916b1
noarch	tomcat-9.0.62-5.el8_8.2.noarch.rpm	89106fb3321103f102da03a6cd8ff2948e1c89476e65ac084f3b2fcfe46c0d36
noarch	tomcat-jsp-2.3-api-9.0.62-5.el8_8.2.noarch.rpm	8b8c1f7e77f2f2edb728a4d0a6a403388d5dc606c2205c192cf898aad7a2a4b8
noarch	tomcat-admin-webapps-9.0.62-5.el8_8.2.noarch.rpm	bc9448f9507c113e8d6dc1f4f6592378a5368a3b5f0eb96aee0912de0c0c0429
noarch	tomcat-webapps-9.0.62-5.el8_8.2.noarch.rpm	c2ad6c8f3df8b97a2afb6d43f00aebd1825b521c2ba07703ea7413762c784d2b
noarch	tomcat-servlet-4.0-api-9.0.62-5.el8_8.2.noarch.rpm	ca5762dc44b100abf0f89cb17cbab1eed8114551ce3c8e6dc1ab35ab3af25efb
noarch	tomcat-el-3.0-api-9.0.62-5.el8_8.2.noarch.rpm	d5c4628e001915573f8ee60ca11346d46893323a8dd17b8c30ee6fdad73dcf3f
noarch	tomcat-lib-9.0.62-5.el8_8.2.noarch.rpm	f5338717b080c4c62c82b7832c8e86200a02ff0039c84be7e0c97b8654f8ca50

Notes:

This page is generated automatically from Red Hat security data and has not been checked for errors. For clarification or corrections please contact the AlmaLinux Packaging Team.