[ALSA-2025:11333] Important: tomcat security update
Type:
security
Severity:
important
Release date:
2025-07-17
Description:
Apache Tomcat is a servlet container for the Java Servlet and JavaServer Pages (JSP) technologies. Security Fix(es): * tomcat: Incomplete fix for CVE-2024-50379 - RCE due to TOCTOU issue in JSP compilation (CVE-2024-56337) * tomcat: Apache Tomcat: DoS via malformed HTTP/2 PRIORITY_UPDATE frame (CVE-2025-31650) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
References:
Updated packages listed below:
Architecture Package Checksum
noarch tomcat-webapps-9.0.87-1.el8_10.4.noarch.rpm 0c884263b9c44a63da1419eb57a06a0e7ac0e0652cf762334e190cc035625949
noarch tomcat-docs-webapp-9.0.87-1.el8_10.4.noarch.rpm 197a630f1d22b8fc26f53c49d79f979a04d1112b3f9eaa85ad7a091597c018b6
noarch tomcat-jsp-2.3-api-9.0.87-1.el8_10.4.noarch.rpm 487e0e81a85b7cfe62f13b44b0655a9ef5737c4c7098448dd5d657014ba05b55
noarch tomcat-9.0.87-1.el8_10.4.noarch.rpm 4e08861c6e894ac227518940ad8ac8e499f9aafd226edfbd14bf64b10340b2ad
noarch tomcat-lib-9.0.87-1.el8_10.4.noarch.rpm 65d0de700ade5fc5ade064bcc078d376d28813f13f2f28a5deb8ea0b4c596dc9
noarch tomcat-servlet-4.0-api-9.0.87-1.el8_10.4.noarch.rpm 9864c900a3d26cc7d49bce07bbe86ade22822f39b462c42df131db57c3841a41
noarch tomcat-el-3.0-api-9.0.87-1.el8_10.4.noarch.rpm a12e4047d4d885c8506000dd9b34f2703aedb9240d4146c3cfaaac62a6609402
noarch tomcat-admin-webapps-9.0.87-1.el8_10.4.noarch.rpm f91a87779d18bbb39e6f6264d0332ce49752416ef8b703e15f8ff8a5d3a409ef
Notes:
This page is generated automatically from Red Hat security data and has not been checked for errors. For clarification or corrections please contact the AlmaLinux Packaging Team.