[ALSA-2025:3683] Moderate: tomcat security update
Type:
security
Severity:
moderate
Release date:
2025-04-09
Description:
Apache Tomcat is a servlet container for the Java Servlet and JavaServer Pages (JSP) technologies. Security Fix(es): * tomcat: RCE due to TOCTOU issue in JSP compilation (CVE-2024-50379) * tomcat: Potential RCE and/or information disclosure and/or information corruption with partial PUT (CVE-2025-24813) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
References:
Updated packages listed below:
Architecture Package Checksum
noarch tomcat-webapps-9.0.87-1.el8_10.3.noarch.rpm 31f150b9066679ce59efe13e84c3a38c9d01cd645801ca958451a2382b79945c
noarch tomcat-lib-9.0.87-1.el8_10.3.noarch.rpm 455cd512e5ac489fbf1bf1669c9cf21f94a024fcea570d2c1af86c2880c38c27
noarch tomcat-jsp-2.3-api-9.0.87-1.el8_10.3.noarch.rpm 483bc58df85f76f91512e5e474d3c5842f340dd2484d34dc06070a9907e0b66d
noarch tomcat-docs-webapp-9.0.87-1.el8_10.3.noarch.rpm a99398c7ca116e8296047d9bf16b5c2eee449a13afafb3038b0445e645fa2a45
noarch tomcat-admin-webapps-9.0.87-1.el8_10.3.noarch.rpm c17bca0a4546e69104618fbc1da567aa69720579bd26046cd250019a2b4e59c1
noarch tomcat-9.0.87-1.el8_10.3.noarch.rpm c60212ee9208a51b2e9d2fb32d04caf01fd550c399ee3f5ed95de88ae246b56a
noarch tomcat-el-3.0-api-9.0.87-1.el8_10.3.noarch.rpm cf489f9f029d10da898e2c3fe995d3c754127273514c38dcc8767e408438a54a
noarch tomcat-servlet-4.0-api-9.0.87-1.el8_10.3.noarch.rpm e4a172f8b3a8fa88c7cae8148465fbe97ba51e04f542e2bcbfe165d0072f4236
Notes:
This page is generated automatically from Red Hat security data and has not been checked for errors. For clarification or corrections please contact the AlmaLinux Packaging Team.