[ALSA-2024:3307] Important: tomcat security and bug fix update
Type:
security
Severity:
important
Release date:
2024-05-28
Description:
Apache Tomcat is a servlet container for the Java Servlet and JavaServer Pages (JSP) technologies. Security Fix(es): * Apache Tomcat: HTTP/2 header handling DoS (CVE-2024-24549) * Apache Tomcat: WebSocket DoS with incomplete closing handshake (CVE-2024-23672) Bug Fix(es) and Enhancement(s): * Rebase tomcat to version 9.0.87 (JIRA:AlmaLinux-34815) * Amend tomcat's changelog so that fixed CVEs are mentioned explicitly (JIRA:AlmaLinux-35328) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
References:
Updated packages listed below:
Architecture Package Checksum
noarch tomcat-admin-webapps-9.0.87-1.el9_4.1.noarch.rpm 46911e3fcb7bb32ce6d7d81c6698016965d3dfa9f3ade42b26e732dcab6e9307
noarch tomcat-lib-9.0.87-1.el9_4.1.noarch.rpm 5511b3cd77efb66f00bf306124bed6a090b4a389f4bb4e48ede9c632400d1fe6
noarch tomcat-servlet-4.0-api-9.0.87-1.el9_4.1.noarch.rpm 55f1470202d68436d5fd10ff5277d39df5927d895900c2f28f5e4a43865dff55
noarch tomcat-docs-webapp-9.0.87-1.el9_4.1.noarch.rpm 5c1c7654f603de561dd9dcb1b43070e39e7dda1bef73d488674d16b3cf4a3076
noarch tomcat-jsp-2.3-api-9.0.87-1.el9_4.1.noarch.rpm 5ef90b8d4e322bd28bc710cd268bd41d4618900d553a1a7fb0ed7ab2cce4e85b
noarch tomcat-el-3.0-api-9.0.87-1.el9_4.1.noarch.rpm 67e1fffe94eb51ff39131c4ea514e47e8b9c29a8b6f8844dedb77d5017b82a69
noarch tomcat-9.0.87-1.el9_4.1.noarch.rpm b709e0f99858126ef0e3035d83810b8e0b9345bcc35eb0c15dca2a5a5f7abc51
noarch tomcat-webapps-9.0.87-1.el9_4.1.noarch.rpm c494ce9d83a4ea89b913b175b6144beeb28fd0a6c1d8fb03ad6c108094850b51
Notes:
This page is generated automatically from Red Hat security data and has not been checked for errors. For clarification or corrections please contact the AlmaLinux Packaging Team.