[ALSA-2023:7065] Moderate: tomcat security and bug fix update
Type: security
Severity: moderate
Release date: 2023-11-23
Description:
Apache Tomcat is a servlet container for the Java Servlet and JavaServer Pages (JSP) technologies.

Security Fix(es):

* Apache Commons FileUpload: FileUpload DoS with excessive parts (CVE-2023-24998)
* tomcat: not including the secure attribute causes information disclosure (CVE-2023-28708)
* tomcat: Fix for CVE-2023-24998 was incomplete (CVE-2023-28709)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the AlmaLinux Release Notes linked from the References section.
Updated packages listed below:
Architecture Package Checksum
noarch tomcat-lib-9.0.62-27.el8_9.noarch.rpm 14b6359e629ec0849d2e580cd5321327faeb3c5eba74aa6be3e6b3247c70cadc
noarch tomcat-el-3.0-api-9.0.62-27.el8_9.noarch.rpm 44a03972b4eaf642d1e6e8715d0b790837f88e785f0e4ac7cbe5bc2a36372624
noarch tomcat-9.0.62-27.el8_9.noarch.rpm 497dd0ada9de55fd97e3e63b9fc18d7f05df5c2f66cad55dd4ec16cd7f9d8c3f
noarch tomcat-servlet-4.0-api-9.0.62-27.el8_9.noarch.rpm 530bba12ea89b738e59e8698717224404aeb5c4f48b227c3fa05378a50932f5c
noarch tomcat-webapps-9.0.62-27.el8_9.noarch.rpm 715195428b36c15412c1050a47ae3b4621babe060a2aff2ebc5f79720135296e
noarch tomcat-jsp-2.3-api-9.0.62-27.el8_9.noarch.rpm bbec5023ab1d444d7de8137e98a64a8c756ee35ea5b9864c1aaed30d14dc6c85
noarch tomcat-admin-webapps-9.0.62-27.el8_9.noarch.rpm cf4d515a1d184c362ae1e3c8826823c704e86aab1b88ba5385264a416652a391
noarch tomcat-docs-webapp-9.0.62-27.el8_9.noarch.rpm fa165651d08d2d36c0ce3382941f52c8353e0b8085a11b4a356fae4dc728b5e4
Notes:
This page is generated automatically from Red Hat security data and has not been checked for errors. For clarification or corrections please contact the AlmaLinux Packaging Team.