[ALSA-2024:0474] Moderate: tomcat security update
Type: security
Severity: moderate
Release date: 2024-01-25
Description:
Apache Tomcat is a servlet container for the Java Servlet and JavaServer Pages (JSP) technologies.

Security Fix(es):
* tomcat: Open Redirect vulnerability in FORM authentication (CVE-2023-41080)
* tomcat: FileUpload: DoS due to accumulation of temporary files on Windows (CVE-2023-42794)
* tomcat: improper cleaning of recycled objects could lead to information leak (CVE-2023-42795)
* tomcat: incorrectly parsed http trailer headers can cause request smuggling (CVE-2023-45648)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Updated packages listed below:
Architecture Package Checksum
noarch tomcat-jsp-2.3-api-9.0.62-37.el9_3.1.noarch.rpm 0740bf8f9f669285ab9f32acbd00c60ffdac9f643ec7ca257797f3878748a606
noarch tomcat-docs-webapp-9.0.62-37.el9_3.1.noarch.rpm 0f6fcc41fecfff1c5e74ab45f73d3c93f3b1b8e15f08198de22581f7ea5de756
noarch tomcat-webapps-9.0.62-37.el9_3.1.noarch.rpm 1054d85fbdd1f970e62f81799df523b5dd9fb5e86bff51f2601a8f227150082d
noarch tomcat-el-3.0-api-9.0.62-37.el9_3.1.noarch.rpm 1883c285bd8f86d8e5937477b56d687bc781b12c01195108be1b7586b4a2e786
noarch tomcat-servlet-4.0-api-9.0.62-37.el9_3.1.noarch.rpm 2629dc7851140c221fa3f6c19cb521e5b4ae5e17120c92a84370d043d45395c7
noarch tomcat-lib-9.0.62-37.el9_3.1.noarch.rpm bb84943939e62408a8f8c11586a47d1d715b85c5b38eeb8227b6f8eabd3ff37b
noarch tomcat-9.0.62-37.el9_3.1.noarch.rpm fb4fad075c4f5f58f1840ba3f384c5716ed00ca0bc5e64780f0502acdd08e1a6
noarch tomcat-admin-webapps-9.0.62-37.el9_3.1.noarch.rpm fb6cdc5d8a141074745d75390ee119a99b6f7727246c901d2128b8f6ecd0271f
Notes:
This page is generated automatically from Red Hat security data and has not been checked for errors. For clarification or corrections please contact the AlmaLinux Packaging Team.