[ALSA-2023:6570] Moderate: tomcat security and bug fix update
Type:
security
Severity:
moderate
Release date:
2023-11-14
Description:
Apache Tomcat is a servlet container for the Java Servlet and JavaServer Pages (JSP) technologies.

Security Fix(es):

* Apache Commons FileUpload: FileUpload DoS with excessive parts (CVE-2023-24998)
* tomcat: not including the secure attribute causes information disclosure (CVE-2023-28708)
* tomcat: Fix for CVE-2023-24998 was incomplete (CVE-2023-28709)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the AlmaLinux Release Notes linked from the References section.
Updated packages listed below:
Architecture Package Checksum
noarch tomcat-9.0.62-37.el9_3.noarch.rpm 3243a5704e3756790a643180f73e6db416803a40c8121a29b02b63f7c09f15b4
noarch tomcat-docs-webapp-9.0.62-37.el9_3.noarch.rpm 631738483d1c8a4a83ce44a7c2dfbbe6629f04d2ae1669f548f08310077b32dc
noarch tomcat-admin-webapps-9.0.62-37.el9_3.noarch.rpm 7dbf1bd58a807f362e68132507b310d6a9d71b02568d2442aa26c7f8d2161d49
noarch tomcat-el-3.0-api-9.0.62-37.el9_3.noarch.rpm 9c937a2e67dd58371fd0ea3f9fdc0505c7fdc3aff6a521207c3ebe86879f7243
noarch tomcat-webapps-9.0.62-37.el9_3.noarch.rpm b2b91cde77fa70d9f73654a89078e535a3d9bce64b1b28a06c3032707dc73089
noarch tomcat-lib-9.0.62-37.el9_3.noarch.rpm b88307c078e6c360f31cf6274204b4c117363cd36c0daf1067805a883bd79f34
noarch tomcat-jsp-2.3-api-9.0.62-37.el9_3.noarch.rpm c1a61b95274a92645b2a93cb200d35d5b7a06654261aca78c9684364381edfd4
noarch tomcat-servlet-4.0-api-9.0.62-37.el9_3.noarch.rpm d4cde5b93ec9345cd3b3d3c8b851be99c6dcb7cdccc234e588f8045c52a56faa
Notes:
This page is generated automatically from Red Hat security data and has not been checked for errors. For clarification or corrections please contact the AlmaLinux Packaging Team.