ALSA-2025:11335

[ALSA-2025:11335] Important: tomcat security update

Type:

security

Severity:

important

Release date:

2025-07-17

Description:

Apache Tomcat is a servlet container for the Java Servlet and JavaServer Pages (JSP) technologies.  

Security Fix(es):  

  * tomcat: Incomplete fix for CVE-2024-50379 - RCE due to TOCTOU issue in JSP compilation (CVE-2024-56337)
  * tomcat: Apache Tomcat: DoS via malformed HTTP/2 PRIORITY_UPDATE frame (CVE-2025-31650)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

References:

Updated packages listed below:

Architecture	Package	Checksum
noarch	tomcat-webapps-9.0.87-3.el9_6.1.noarch.rpm	281eef4bd6b16bf6eb470f47c3970df8c4a2836d3028e30a580a65e7ada60137
noarch	tomcat-servlet-4.0-api-9.0.87-3.el9_6.1.noarch.rpm	2f77795bdd90d1fe412da61d5569c0c6f4df28efef4d1a2e1df4d05b88203261
noarch	tomcat-9.0.87-3.el9_6.1.noarch.rpm	3f28b0bffd962832563895e539c63bd5f74e5b356793560472765017e3fcdc39
noarch	tomcat-docs-webapp-9.0.87-3.el9_6.1.noarch.rpm	43a12fc223d779273ea81e84f3222d95e201277edbabd0e096a865b2469e2fb5
noarch	tomcat-lib-9.0.87-3.el9_6.1.noarch.rpm	76af4613615060c07f2c5cba8447fb39aff4c16a6b29d9f1ed2e7159bbf35b51
noarch	tomcat-el-3.0-api-9.0.87-3.el9_6.1.noarch.rpm	76ebae4b3642bcd9d070c0622225bb74d863fb10967e6c30cce72588ef0b8a43
noarch	tomcat-jsp-2.3-api-9.0.87-3.el9_6.1.noarch.rpm	a00f3033de27158d1def3b40024da89c33fbffbecaba33be74116fa2c8639890
noarch	tomcat-admin-webapps-9.0.87-3.el9_6.1.noarch.rpm	c54248bc0df878433b36160be3be0e55b285dae90d13ce1a812815b56cc512af

Notes:

This page is generated automatically from Red Hat security data and has not been checked for errors. For clarification or corrections please contact the AlmaLinux Packaging Team.