ELSA-2024-3666

ULN >
Oracle Linux Errata repository >
ELSA-2024-3666

ELSA-2024-3666 - tomcat security and bug fix update

Type:	SECURITY
Impact:	IMPORTANT
Release Date:	2024-06-06

Description

[1:9.0.87-1.el8_10.1]
- Resolves: RHEL-38548 - Amend tomcat package's changelog so that fixed CVEs are mentioned explicitly
- Resolves: RHEL-35813 - Rebase tomcat to version 9.0.87
- Resolves: RHEL-29255
tomcat: Apache Tomcat: WebSocket DoS with incomplete closing handshake (CVE-2024-23672)
- Resolves: RHEL-29250
tomcat: Apache Tomcat: HTTP/2 header handling DoS (CVE-2024-24549)

Related CVEs

CVE-2024-23672

CVE-2024-24549

Updated Packages

Release/Architecture	Filename	sha256	Superseded By Advisory	Channel Label

Oracle Linux 8 (aarch64)	tomcat-9.0.87-1.el8_10.1.src.rpm	d4941b015500e235a9420e6cd178e3b204377f4682df9d3239a234e540e38b2c	-	ol8_aarch64_appstream
	tomcat-9.0.87-1.el8_10.1.noarch.rpm	7de3d3e235b949c0328227d3056e6dea6cd236edd681cab5a152e1ce8eed03d2	-	ol8_aarch64_appstream
	tomcat-admin-webapps-9.0.87-1.el8_10.1.noarch.rpm	30341fa24e698768a74587cc66c29ec9434ca774907465b0c823527835f2ad07	-	ol8_aarch64_appstream
	tomcat-docs-webapp-9.0.87-1.el8_10.1.noarch.rpm	4294b35bb7596f797144d8abbf001e9a98146711fb6c7ec1ea24c89bf7d970d2	-	ol8_aarch64_appstream
	tomcat-el-3.0-api-9.0.87-1.el8_10.1.noarch.rpm	889bec7509c48a002c0dcff44c4620366749fe7a98259f9fa0edbd90328c303f	-	ol8_aarch64_appstream
	tomcat-jsp-2.3-api-9.0.87-1.el8_10.1.noarch.rpm	5306d73b44ba6a8de664ade02faf6bfd4f28ffd17678ca73748ea82c609c0997	-	ol8_aarch64_appstream
	tomcat-lib-9.0.87-1.el8_10.1.noarch.rpm	558f615aee2de217c2ba5eeae0c122e4c678fcc8dedf42196f29c4a748aa062a	-	ol8_aarch64_appstream
	tomcat-servlet-4.0-api-9.0.87-1.el8_10.1.noarch.rpm	be3a936bc8813dff14ceed84ed6a99d310f87205f31dde80e8eaee1fd535bcd0	-	ol8_aarch64_appstream
	tomcat-webapps-9.0.87-1.el8_10.1.noarch.rpm	0a1ef8d2f0fed2c20f57a26d4407cf29984406b88e97c311c9e7393f7663dfcf	-	ol8_aarch64_appstream

Oracle Linux 8 (x86_64)	tomcat-9.0.87-1.el8_10.1.src.rpm	d4941b015500e235a9420e6cd178e3b204377f4682df9d3239a234e540e38b2c	-	ol8_x86_64_appstream
	tomcat-9.0.87-1.el8_10.1.noarch.rpm	7de3d3e235b949c0328227d3056e6dea6cd236edd681cab5a152e1ce8eed03d2	-	ol8_x86_64_appstream
	tomcat-admin-webapps-9.0.87-1.el8_10.1.noarch.rpm	30341fa24e698768a74587cc66c29ec9434ca774907465b0c823527835f2ad07	-	ol8_x86_64_appstream
	tomcat-docs-webapp-9.0.87-1.el8_10.1.noarch.rpm	4294b35bb7596f797144d8abbf001e9a98146711fb6c7ec1ea24c89bf7d970d2	-	ol8_x86_64_appstream
	tomcat-el-3.0-api-9.0.87-1.el8_10.1.noarch.rpm	889bec7509c48a002c0dcff44c4620366749fe7a98259f9fa0edbd90328c303f	-	ol8_x86_64_appstream
	tomcat-jsp-2.3-api-9.0.87-1.el8_10.1.noarch.rpm	5306d73b44ba6a8de664ade02faf6bfd4f28ffd17678ca73748ea82c609c0997	-	ol8_x86_64_appstream
	tomcat-lib-9.0.87-1.el8_10.1.noarch.rpm	558f615aee2de217c2ba5eeae0c122e4c678fcc8dedf42196f29c4a748aa062a	-	ol8_x86_64_appstream
	tomcat-servlet-4.0-api-9.0.87-1.el8_10.1.noarch.rpm	be3a936bc8813dff14ceed84ed6a99d310f87205f31dde80e8eaee1fd535bcd0	-	ol8_x86_64_appstream
	tomcat-webapps-9.0.87-1.el8_10.1.noarch.rpm	0a1ef8d2f0fed2c20f57a26d4407cf29984406b88e97c311c9e7393f7663dfcf	-	ol8_x86_64_appstream

This page is generated automatically and has not been checked for errors or omissions. For clarification or corrections please contact the Oracle Linux ULN team

Technical information

Oracle Linux Support

Connect

Contact Us

Global contacts
Oracle 1-800-633-0691