[ALSA-2023:5929] Important: tomcat security update
Type:
security
Severity:
important
Release date:
2023-10-20
Description:
Apache Tomcat is a servlet container for the Java Servlet and JavaServer Pages (JSP) technologies. Security Fix(es): * HTTP/2: Multiple HTTP/2 enabled web servers are vulnerable to a DDoS attack (Rapid Reset Attack) (CVE-2023-44487) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
References:
Updated packages listed below:
Architecture Package Checksum
noarch tomcat-docs-webapp-9.0.62-11.el9_2.3.noarch.rpm 15052a457e5a02c13b632e40d663552c7eeaa43949f4188f913d5fcc35530961
noarch tomcat-lib-9.0.62-11.el9_2.3.noarch.rpm 2840a620c450c5cc1f26d502731a50db4f9a87765500b20e82b585ffd3f75a3b
noarch tomcat-9.0.62-11.el9_2.3.noarch.rpm 3f046469ad314431c93dbeee6b078949c4b9196c11e29e9ccf9afe0dd9cddcc2
noarch tomcat-webapps-9.0.62-11.el9_2.3.noarch.rpm 5e8cc805aa41b20d650fa527d072c026129eb795df7176522e4d03c271443686
noarch tomcat-jsp-2.3-api-9.0.62-11.el9_2.3.noarch.rpm 87ec492c0f03a96fab9e1ce8e7101eeb3d678e793faab35a1f1b75e6367912fd
noarch tomcat-admin-webapps-9.0.62-11.el9_2.3.noarch.rpm c54b65accf697229b7c23a36122c4b44acb172c36a1e60d13488c6099d47daa0
noarch tomcat-servlet-4.0-api-9.0.62-11.el9_2.3.noarch.rpm ddf0cc650d2bc16bdf0aa3074264608925c24fe8e34cc61e5a7db3d11d1a1444
noarch tomcat-el-3.0-api-9.0.62-11.el9_2.3.noarch.rpm e6f600319b870be925018c7741b514a3a49670686a5938608e844ea170397251
Notes:
This page is generated automatically from Red Hat security data and has not been checked for errors. For clarification or corrections please contact the AlmaLinux Packaging Team.