ELSA-2024-0125

ULN >
Oracle Linux Errata repository >
ELSA-2024-0125

ELSA-2024-0125 - tomcat security update

Type:	SECURITY
Severity:	MODERATE
Release Date:	2024-01-11

Description

[1:9.0.62-27.2]
- Open Redirect vulnerability in FORM authentication (CVE-2023-41080)
- FileUpload: DoS due to accumulation of temporary files on Windows (CVE-2023-42794)
- improper cleaning of recycled objects could lead to information leak (CVE-2023-42795)
- incorrectly parsed http trailer headers can cause request smuggling (CVE-2023-45648)

Related CVEs

Updated Packages

Release/Architecture	Filename	MD5sum	Superseded By Advisory	Channel Label

Oracle Linux 8 (aarch64)	tomcat-9.0.62-27.el8_9.2.src.rpm	4578c87a531fed2e253c5b29fce55804	-	ol8_aarch64_appstream
	tomcat-9.0.62-27.el8_9.2.noarch.rpm	921b971a7c34ff67e130a1b626574d43	-	ol8_aarch64_appstream
	tomcat-admin-webapps-9.0.62-27.el8_9.2.noarch.rpm	823aa358cebd7910a422d90df1145929	-	ol8_aarch64_appstream
	tomcat-docs-webapp-9.0.62-27.el8_9.2.noarch.rpm	77e68f4e4a8b0054ada7e725f00db7d2	-	ol8_aarch64_appstream
	tomcat-el-3.0-api-9.0.62-27.el8_9.2.noarch.rpm	211daa4b3f136bf84d4e2b906cfc4600	-	ol8_aarch64_appstream
	tomcat-jsp-2.3-api-9.0.62-27.el8_9.2.noarch.rpm	0c9bdcffc1136dadff33092b63c76270	-	ol8_aarch64_appstream
	tomcat-lib-9.0.62-27.el8_9.2.noarch.rpm	e8259c44d34d7e0a338305fd413684d1	-	ol8_aarch64_appstream
	tomcat-servlet-4.0-api-9.0.62-27.el8_9.2.noarch.rpm	519479955ef81c62beb0e48ddf950782	-	ol8_aarch64_appstream
	tomcat-webapps-9.0.62-27.el8_9.2.noarch.rpm	42b52ca37fc87cb198dbb975b0e7220a	-	ol8_aarch64_appstream

Oracle Linux 8 (x86_64)	tomcat-9.0.62-27.el8_9.2.src.rpm	4578c87a531fed2e253c5b29fce55804	-	ol8_x86_64_appstream
	tomcat-9.0.62-27.el8_9.2.noarch.rpm	921b971a7c34ff67e130a1b626574d43	-	ol8_x86_64_appstream
	tomcat-admin-webapps-9.0.62-27.el8_9.2.noarch.rpm	823aa358cebd7910a422d90df1145929	-	ol8_x86_64_appstream
	tomcat-docs-webapp-9.0.62-27.el8_9.2.noarch.rpm	77e68f4e4a8b0054ada7e725f00db7d2	-	ol8_x86_64_appstream
	tomcat-el-3.0-api-9.0.62-27.el8_9.2.noarch.rpm	211daa4b3f136bf84d4e2b906cfc4600	-	ol8_x86_64_appstream
	tomcat-jsp-2.3-api-9.0.62-27.el8_9.2.noarch.rpm	0c9bdcffc1136dadff33092b63c76270	-	ol8_x86_64_appstream
	tomcat-lib-9.0.62-27.el8_9.2.noarch.rpm	e8259c44d34d7e0a338305fd413684d1	-	ol8_x86_64_appstream
	tomcat-servlet-4.0-api-9.0.62-27.el8_9.2.noarch.rpm	519479955ef81c62beb0e48ddf950782	-	ol8_x86_64_appstream
	tomcat-webapps-9.0.62-27.el8_9.2.noarch.rpm	42b52ca37fc87cb198dbb975b0e7220a	-	ol8_x86_64_appstream

This page is generated automatically and has not been checked for errors or omissions. For clarification or corrections please contact the Oracle Linux ULN team

Technical information

Oracle Linux Support

Connect

Contact Us

Global contacts
Oracle 1-800-633-0691