[ALSA-2025:3645] Moderate: tomcat security update
Type:
security
Severity:
moderate
Release date:
2025-04-08
Description:
Apache Tomcat is a servlet container for the Java Servlet and JavaServer Pages (JSP) technologies. Security Fix(es): * tomcat: RCE due to TOCTOU issue in JSP compilation (CVE-2024-50379) * tomcat: Potential RCE and/or information disclosure and/or information corruption with partial PUT (CVE-2025-24813) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
References:
Updated packages listed below:
Architecture Package Checksum
noarch tomcat-servlet-4.0-api-9.0.87-2.el9_5.1.noarch.rpm 729d9fbc08b043b7f408495a8c4e31143cddcef86f382900b746df29b1e93845
noarch tomcat-jsp-2.3-api-9.0.87-2.el9_5.1.noarch.rpm 79d5f8c42f520617044e5773b6665f862b66ebc476d0ab58f05c4056c355ca55
noarch tomcat-admin-webapps-9.0.87-2.el9_5.1.noarch.rpm 8bb0639695bcd28987ad4137f5570be96942f2e9497acac6ed14dc1dbc1bac09
noarch tomcat-el-3.0-api-9.0.87-2.el9_5.1.noarch.rpm 95aa1c5351ece31f53442ce78dac002564770fd9748249534c060bb3669d79f8
noarch tomcat-lib-9.0.87-2.el9_5.1.noarch.rpm bf01263d71e29a5ed32248056bfd6293c60a73fda5a9393f9cb38bf18aa984ae
noarch tomcat-9.0.87-2.el9_5.1.noarch.rpm ddd3e00b02bdd79ec60ddf015bc84916ca70641171ef7c77cd97b03484cbcb82
noarch tomcat-docs-webapp-9.0.87-2.el9_5.1.noarch.rpm f03f7aceb10d8eb675f094f375d2c231842873446c783170df1e3699c4f0b49d
noarch tomcat-webapps-9.0.87-2.el9_5.1.noarch.rpm fdb83b9e6370a484eba526ff08b0b8384e11c8654e28006300a8ba219191d33a
Notes:
This page is generated automatically from Red Hat security data and has not been checked for errors. For clarification or corrections please contact the AlmaLinux Packaging Team.