[ALSA-2024:0125] Moderate: tomcat security update
Type:
security
Severity:
moderate
Release date:
2024-01-16
Description:
Apache Tomcat is a servlet container for the Java Servlet and JavaServer Pages (JSP) technologies. Security Fix(es): * tomcat: Open Redirect vulnerability in FORM authentication (CVE-2023-41080) * tomcat: FileUpload: DoS due to accumulation of temporary files on Windows (CVE-2023-42794) * tomcat: improper cleaning of recycled objects could lead to information leak (CVE-2023-42795) * tomcat: incorrectly parsed http trailer headers can cause request smuggling (CVE-2023-45648) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
References:
Updated packages listed below:
Architecture Package Checksum
noarch tomcat-admin-webapps-9.0.62-27.el8_9.2.noarch.rpm 4864161da1a1e22f61f224538fc8791dfed985459a4cd3ded58d11dc92be7cfb
noarch tomcat-lib-9.0.62-27.el8_9.2.noarch.rpm 4e38599441facea74812da226baec5e41790fd0be146166e743a14722ac8bd5b
noarch tomcat-el-3.0-api-9.0.62-27.el8_9.2.noarch.rpm 5bf4e47c1b1e27726775a221aeaad8588ae45513ae8e3ec5c7096165693c62e2
noarch tomcat-jsp-2.3-api-9.0.62-27.el8_9.2.noarch.rpm 76816ea8850ce8cecc705e0f244aac10d368f7d2a8e8752ea59e08707e7b3f9a
noarch tomcat-docs-webapp-9.0.62-27.el8_9.2.noarch.rpm 7cd7b369ac83ea89a4f9ab948f1ca6d3a749b2ce8f507c71bd4fd047a5bb3b44
noarch tomcat-9.0.62-27.el8_9.2.noarch.rpm 857203d0d079a2219ce71224f3a7031231cf237e4f8fa4f9e06b341b54fbdbe3
noarch tomcat-webapps-9.0.62-27.el8_9.2.noarch.rpm a426eee8877b85279e1680e27222c0e0580f3dea2d10829d0035af6d22f12092
noarch tomcat-servlet-4.0-api-9.0.62-27.el8_9.2.noarch.rpm e358468d18397d19787fab8b6d30ffc9f8f5dced081ad13bb68a5b0fd2ac798f
Notes:
This page is generated automatically from Red Hat security data and has not been checked for errors. For clarification or corrections please contact the AlmaLinux Packaging Team.