ELSA-2023-7065 - tomcat security and bug fix update

Type: SECURITY
Impact: MODERATE
Release Date: 2023-11-17

Description


[1:9.0.62-27]
- Related: RHEL-12543
- Bump release number

[1:9.0.62-16]
- Resolves: RHEL-12543 HTTP/2: Multiple HTTP/2 enabled web servers are vulnerable to a DDoS attack (Rapid Reset Attack)
- Remove JDK subpackages which are unused

[1:9.0.62-14]
- Related: RHEL-2330 Bump release number

[1:9.0.62-13]
- Resolves: RHEL-2330 Revert the fix for pki-servlet-engine

[1:9.0.62-12]
- Related: #2184135 Declare file conflicts

[1:9.0.62-11]
- Resolves: #2184135 Fix bug introduced in initial commit

[1:9.0.62-10]
- Resolves: #2210630 CVE-2023-28709 tomcat
- Resolves: #2181448 CVE-2023-28708 tomcat: not including the secure attribute causes information disclosure

[1:9.0.62-9]
- Resolves: #2184135 Add Obsoletes to tomcat package

[1:9.0.62-8]
- Resolves: #2189676 Missing Tomcat POM files in RHEL 8.9

[1:9.0.62-7]
- Related: #2173874 Tomcat installs older java even though newer java is installed
- Bump release number

[1:9.0.62-6]
- Resolves: #2173874 Tomcat installs older java even though newer java is installed
- Sync with rhel-8.8.0 branch


Related CVEs


CVE-2023-28708
CVE-2023-24998
CVE-2023-28709

Updated Packages


| Release/Architecture | Filename | sha256 | Superseded By Advisory | Channel Label |
|---|---|---|---|---|
| Oracle Linux 8 (aarch64) | tomcat-9.0.62-27.el8_9.src.rpm | f024875886662100450a4eb2da1c110375b846b8f2789c6a37d5187ceabbb993 | - | ol8_aarch64_appstream |
| | tomcat-9.0.62-27.el8_9.noarch.rpm | 9a5c7aa997a84b6291522255f79ae34564db04576c3f6eef976d8c661cc68f98 | - | ol8_aarch64_appstream |
| | tomcat-admin-webapps-9.0.62-27.el8_9.noarch.rpm | 0550f09597407123c74e3b51813d592727557f15a1dc5c88287ce3cd09d59080 | - | ol8_aarch64_appstream |
| | tomcat-docs-webapp-9.0.62-27.el8_9.noarch.rpm | e59506243e9c9b5f12bd29715cbb5af044f3163d02f5a172815c80f2b4ac0ba4 | - | ol8_aarch64_appstream |
| | tomcat-el-3.0-api-9.0.62-27.el8_9.noarch.rpm | eb1cf4506b35726eca3d9edfe2fbcdd21d014a7ecfee00f323f0a7fcc4e2fdb1 | - | ol8_aarch64_appstream |
| | tomcat-jsp-2.3-api-9.0.62-27.el8_9.noarch.rpm | 1cd327423e38f94d4da1c17ccb31442787c0be0675d1f2114ec939dd240f9bc4 | - | ol8_aarch64_appstream |
| | tomcat-lib-9.0.62-27.el8_9.noarch.rpm | 6dc9333f3c31636ced88a8b6efe737cdeb2a10d6a1eb83ff0455aac90af5d65b | - | ol8_aarch64_appstream |
| | tomcat-servlet-4.0-api-9.0.62-27.el8_9.noarch.rpm | f38e4f8e22ec22ec59c071bc60c28aa235ffb37385e9cc176f034e0f1de68196 | - | ol8_aarch64_appstream |
| | tomcat-webapps-9.0.62-27.el8_9.noarch.rpm | 53f86c9d05b4a0809fd7fb03a382096fe9b42541a0d1bb5d62904c404bb3fb37 | - | ol8_aarch64_appstream |
| Oracle Linux 8 (x86_64) | tomcat-9.0.62-27.el8_9.src.rpm | f024875886662100450a4eb2da1c110375b846b8f2789c6a37d5187ceabbb993 | - | ol8_x86_64_appstream |
| | tomcat-9.0.62-27.el8_9.noarch.rpm | 9a5c7aa997a84b6291522255f79ae34564db04576c3f6eef976d8c661cc68f98 | - | ol8_x86_64_appstream |
| | tomcat-admin-webapps-9.0.62-27.el8_9.noarch.rpm | 0550f09597407123c74e3b51813d592727557f15a1dc5c88287ce3cd09d59080 | - | ol8_x86_64_appstream |
| | tomcat-docs-webapp-9.0.62-27.el8_9.noarch.rpm | e59506243e9c9b5f12bd29715cbb5af044f3163d02f5a172815c80f2b4ac0ba4 | - | ol8_x86_64_appstream |
| | tomcat-el-3.0-api-9.0.62-27.el8_9.noarch.rpm | eb1cf4506b35726eca3d9edfe2fbcdd21d014a7ecfee00f323f0a7fcc4e2fdb1 | - | ol8_x86_64_appstream |
| | tomcat-jsp-2.3-api-9.0.62-27.el8_9.noarch.rpm | 1cd327423e38f94d4da1c17ccb31442787c0be0675d1f2114ec939dd240f9bc4 | - | ol8_x86_64_appstream |
| | tomcat-lib-9.0.62-27.el8_9.noarch.rpm | 6dc9333f3c31636ced88a8b6efe737cdeb2a10d6a1eb83ff0455aac90af5d65b | - | ol8_x86_64_appstream |
| | tomcat-servlet-4.0-api-9.0.62-27.el8_9.noarch.rpm | f38e4f8e22ec22ec59c071bc60c28aa235ffb37385e9cc176f034e0f1de68196 | - | ol8_x86_64_appstream |
| | tomcat-webapps-9.0.62-27.el8_9.noarch.rpm | 53f86c9d05b4a0809fd7fb03a382096fe9b42541a0d1bb5d62904c404bb3fb37 | - | ol8_x86_64_appstream |



This page is generated automatically and has not been checked for errors or omissions. For clarification or corrections please contact the Oracle Linux ULN team.