Description:
Apache Tomcat is a servlet container for the Java Servlet and JavaServer Pages (JSP) technologies.
Security Fix(es):
* Apache Commons FileUpload: FileUpload DoS with excessive parts (CVE-2023-24998)
* tomcat: not including the secure attribute causes information disclosure (CVE-2023-28708)
* tomcat: Fix for CVE-2023-24998 was incomplete (CVE-2023-28709)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Additional Changes:
For detailed information on changes in this release, see the AlmaLinux Release Notes linked from the References section.
Updated packages listed below:
Architecture |
Package |
Checksum |
noarch |
tomcat-lib-9.0.62-27.el8_9.noarch.rpm |
14b6359e629ec0849d2e580cd5321327faeb3c5eba74aa6be3e6b3247c70cadc |
noarch |
tomcat-el-3.0-api-9.0.62-27.el8_9.noarch.rpm |
44a03972b4eaf642d1e6e8715d0b790837f88e785f0e4ac7cbe5bc2a36372624 |
noarch |
tomcat-9.0.62-27.el8_9.noarch.rpm |
497dd0ada9de55fd97e3e63b9fc18d7f05df5c2f66cad55dd4ec16cd7f9d8c3f |
noarch |
tomcat-servlet-4.0-api-9.0.62-27.el8_9.noarch.rpm |
530bba12ea89b738e59e8698717224404aeb5c4f48b227c3fa05378a50932f5c |
noarch |
tomcat-webapps-9.0.62-27.el8_9.noarch.rpm |
715195428b36c15412c1050a47ae3b4621babe060a2aff2ebc5f79720135296e |
noarch |
tomcat-jsp-2.3-api-9.0.62-27.el8_9.noarch.rpm |
bbec5023ab1d444d7de8137e98a64a8c756ee35ea5b9864c1aaed30d14dc6c85 |
noarch |
tomcat-admin-webapps-9.0.62-27.el8_9.noarch.rpm |
cf4d515a1d184c362ae1e3c8826823c704e86aab1b88ba5385264a416652a391 |
noarch |
tomcat-docs-webapp-9.0.62-27.el8_9.noarch.rpm |
fa165651d08d2d36c0ce3382941f52c8353e0b8085a11b4a356fae4dc728b5e4 |