[ALSA-2024:3666] Important: tomcat security and bug fix update
Type:
security
Severity:
important
Release date:
2024-06-06
Description:
Apache Tomcat is a servlet container for the Java Servlet and JavaServer Pages (JSP) technologies. Security Fix(es): * Apache Tomcat: HTTP/2 header handling DoS (CVE-2024-24549) * Apache Tomcat: WebSocket DoS with incomplete closing handshake (CVE-2024-23672) Bug Fix(es): * Rebase tomcat to version 9.0.87 (JIRA:AlmaLinux-35813) * Amend tomcat package's changelog so that fixed CVEs are mentioned explicitly (JIRA:AlmaLinux-38548) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Updated packages listed below:
Architecture Package Checksum
noarch tomcat-webapps-9.0.87-1.el8_10.1.alma.1.noarch.rpm 1ff32773cce5105c83c457b7ba2e261b9740a215a06c302abd11a5468ff3682a
noarch tomcat-servlet-4.0-api-9.0.87-1.el8_10.1.alma.1.noarch.rpm 3eefdfa6953c7bf0d5b41155cb73d65b2915b357a0b2da2fe42e112610d8080c
noarch tomcat-lib-9.0.87-1.el8_10.1.alma.1.noarch.rpm 692410447b47e283646811b2c01dc52cb0c6d0e1a3d40f0ddbe21fd1f7008015
noarch tomcat-docs-webapp-9.0.87-1.el8_10.1.alma.1.noarch.rpm 792e3e2da00c02575cfbf3bfad26a2a138e461b2cedfe2edd3cf3c0de08112ee
noarch tomcat-jsp-2.3-api-9.0.87-1.el8_10.1.alma.1.noarch.rpm 8c81c47b78ce8e5cb6ce97d8f42e6ac98cdd6c1e03ec6ab0c2189b581ff6f603
noarch tomcat-el-3.0-api-9.0.87-1.el8_10.1.alma.1.noarch.rpm 8f2784f9a834bcd8d272db6fa117360e616d0d0ad82e7fd2cffc98998b180a74
noarch tomcat-9.0.87-1.el8_10.1.alma.1.noarch.rpm 91d7afc92b11d177aca6ef6d0b57b49bd406b73ec4fc9a9ef60ac459be56af66
noarch tomcat-admin-webapps-9.0.87-1.el8_10.1.alma.1.noarch.rpm a00345e119cee48d48d13971b427ac714538e04deb2f402d8393583e03bd0822
Notes:
This page is generated automatically from Red Hat security data and has not been checked for errors. For clarification or corrections please contact the AlmaLinux Packaging Team.