ELSA-2024-0474

ULN >
Oracle Linux Errata repository >
ELSA-2024-0474

ELSA-2024-0474 - tomcat security update

Type:	SECURITY
Severity:	MODERATE
Release Date:	2024-01-25

Description

[1:9.0.62-37.el9_3.1]
- Resolves: #2235370 CVE-2023-41080 tomcat: Open Redirect vulnerability in FORM authentication
- Resolves: #2243749 CVE-2023-45648 tomcat: incorrectly parsed http trailer headers can cause request smuggling
- Resolves: #2243751 CVE-2023-42794 tomcat: FileUpload: DoS due to accumulation of temporary files on Windows
- Resolves: #2243752 CVE-2023-42795 tomcat: improper cleaning of recycled objects could lead to information leak

Related CVEs

Updated Packages

Release/Architecture	Filename	MD5sum	Superseded By Advisory	Channel Label

Oracle Linux 9 (aarch64)	tomcat-9.0.62-37.el9_3.1.src.rpm	6218ff6e8409729a0d5f8ba67c437552	-	ol9_aarch64_appstream
	tomcat-9.0.62-37.el9_3.1.noarch.rpm	0f581651faff7796985039ba6bab32e1	-	ol9_aarch64_appstream
	tomcat-admin-webapps-9.0.62-37.el9_3.1.noarch.rpm	83d30d33e4dd38389b5e42d15ee940a6	-	ol9_aarch64_appstream
	tomcat-docs-webapp-9.0.62-37.el9_3.1.noarch.rpm	7e3e241801e33ef28b2df51e46f8d056	-	ol9_aarch64_appstream
	tomcat-el-3.0-api-9.0.62-37.el9_3.1.noarch.rpm	330e8591f0f06e8a8f90d63a462cf4a6	-	ol9_aarch64_appstream
	tomcat-jsp-2.3-api-9.0.62-37.el9_3.1.noarch.rpm	b4a416f6ec75584d7deaded09eac9b8d	-	ol9_aarch64_appstream
	tomcat-lib-9.0.62-37.el9_3.1.noarch.rpm	d9587a6d9f5f60405b7494b2b8502265	-	ol9_aarch64_appstream
	tomcat-servlet-4.0-api-9.0.62-37.el9_3.1.noarch.rpm	38370e7d3673172cec22b3425b511fa5	-	ol9_aarch64_appstream
	tomcat-webapps-9.0.62-37.el9_3.1.noarch.rpm	67dd6fdb8dd205000ef6d55ea5237ad6	-	ol9_aarch64_appstream

Oracle Linux 9 (x86_64)	tomcat-9.0.62-37.el9_3.1.src.rpm	6218ff6e8409729a0d5f8ba67c437552	-	ol9_x86_64_appstream
	tomcat-9.0.62-37.el9_3.1.noarch.rpm	0f581651faff7796985039ba6bab32e1	-	ol9_x86_64_appstream
	tomcat-admin-webapps-9.0.62-37.el9_3.1.noarch.rpm	83d30d33e4dd38389b5e42d15ee940a6	-	ol9_x86_64_appstream
	tomcat-docs-webapp-9.0.62-37.el9_3.1.noarch.rpm	7e3e241801e33ef28b2df51e46f8d056	-	ol9_x86_64_appstream
	tomcat-el-3.0-api-9.0.62-37.el9_3.1.noarch.rpm	330e8591f0f06e8a8f90d63a462cf4a6	-	ol9_x86_64_appstream
	tomcat-jsp-2.3-api-9.0.62-37.el9_3.1.noarch.rpm	b4a416f6ec75584d7deaded09eac9b8d	-	ol9_x86_64_appstream
	tomcat-lib-9.0.62-37.el9_3.1.noarch.rpm	d9587a6d9f5f60405b7494b2b8502265	-	ol9_x86_64_appstream
	tomcat-servlet-4.0-api-9.0.62-37.el9_3.1.noarch.rpm	38370e7d3673172cec22b3425b511fa5	-	ol9_x86_64_appstream
	tomcat-webapps-9.0.62-37.el9_3.1.noarch.rpm	67dd6fdb8dd205000ef6d55ea5237ad6	-	ol9_x86_64_appstream

This page is generated automatically and has not been checked for errors or omissions. For clarification or corrections please contact the Oracle Linux ULN team

Technical information

Oracle Linux Support

Connect

Contact Us

Global contacts
Oracle 1-800-633-0691