ELSA-2023-7065

ELSA-2023-7065 - tomcat security and bug fix update

Type: SECURITY
Severity: MODERATE
Release Date: 2023-11-17

Description


[1:9.0.62-27]
- Related: RHEL-12543
- Bump release number

[1:9.0.62-16]
- Resolves: RHEL-12543 HTTP/2: Multiple HTTP/2 enabled web servers are vulnerable to a DDoS attack (Rapid Reset Attack)
- Remove JDK subpackages which are unused

[1:9.0.62-14]
- Related: RHEL-2330 Bump release number

[1:9.0.62-13]
- Resolves: RHEL-2330 Revert the fix for pki-servlet-engine

[1:9.0.62-12]
- Related: #2184135 Declare file conflicts

[1:9.0.62-11]
- Resolves: #2184135 Fix bug introduced in initial commit

[1:9.0.62-10]
- Resolves: #2210630 CVE-2023-28709 tomcat
- Resolves: #2181448 CVE-2023-28708 tomcat: not including the secure attribute causes information disclosure

[1:9.0.62-9]
- Resolves: #2184135 Add Obsoletes to tomcat package

[1:9.0.62-8]
- Resolves: #2189676 Missing Tomcat POM files in RHEL 8.9

[1:9.0.62-7]
- Related: #2173874 Tomcat installs older java even though newer java is installed
- Bump release number

[1:9.0.62-6]
- Resolves: #2173874 Tomcat installs older java even though newer java is installed
- Sync with rhel-8.8.0 branch


Related CVEs


CVE-2023-28708
CVE-2023-24998
CVE-2023-28709

Updated Packages


| Release/Architecture | Filename | MD5sum | Superseded By Advisory | Channel Label |
| Oracle Linux 8 (aarch64) | tomcat-9.0.62-27.el8_9.src.rpm | e389a6d00800a2b0606f32a68d8ebc39 | - | ol8_aarch64_appstream |
| | tomcat-9.0.62-27.el8_9.noarch.rpm | cf226f8ae24871a392629f744211e40f | - | ol8_aarch64_appstream |
| | tomcat-admin-webapps-9.0.62-27.el8_9.noarch.rpm | e9f7f1f74157e2a21ab6265c4fbf815f | - | ol8_aarch64_appstream |
| | tomcat-docs-webapp-9.0.62-27.el8_9.noarch.rpm | d90c4723ca1b19c88c65a344bb911991 | - | ol8_aarch64_appstream |
| | tomcat-el-3.0-api-9.0.62-27.el8_9.noarch.rpm | 70f1a82b8bf673e4e96251cbcf62eb63 | - | ol8_aarch64_appstream |
| | tomcat-jsp-2.3-api-9.0.62-27.el8_9.noarch.rpm | 83e330bad3dae3c3ffea03b8acd13566 | - | ol8_aarch64_appstream |
| | tomcat-lib-9.0.62-27.el8_9.noarch.rpm | 580ef2109130f0329dfc262d08498b78 | - | ol8_aarch64_appstream |
| | tomcat-servlet-4.0-api-9.0.62-27.el8_9.noarch.rpm | 99bd24a5a2ad5ab1fb78bf9c12ceca4d | - | ol8_aarch64_appstream |
| | tomcat-webapps-9.0.62-27.el8_9.noarch.rpm | 3a3f342d39f53fdf844ce55c9d994f50 | - | ol8_aarch64_appstream |
| Oracle Linux 8 (x86_64) | tomcat-9.0.62-27.el8_9.src.rpm | e389a6d00800a2b0606f32a68d8ebc39 | - | ol8_x86_64_appstream |
| | tomcat-9.0.62-27.el8_9.noarch.rpm | cf226f8ae24871a392629f744211e40f | - | ol8_x86_64_appstream |
| | tomcat-admin-webapps-9.0.62-27.el8_9.noarch.rpm | e9f7f1f74157e2a21ab6265c4fbf815f | - | ol8_x86_64_appstream |
| | tomcat-docs-webapp-9.0.62-27.el8_9.noarch.rpm | d90c4723ca1b19c88c65a344bb911991 | - | ol8_x86_64_appstream |
| | tomcat-el-3.0-api-9.0.62-27.el8_9.noarch.rpm | 70f1a82b8bf673e4e96251cbcf62eb63 | - | ol8_x86_64_appstream |
| | tomcat-jsp-2.3-api-9.0.62-27.el8_9.noarch.rpm | 83e330bad3dae3c3ffea03b8acd13566 | - | ol8_x86_64_appstream |
| | tomcat-lib-9.0.62-27.el8_9.noarch.rpm | 580ef2109130f0329dfc262d08498b78 | - | ol8_x86_64_appstream |
| | tomcat-servlet-4.0-api-9.0.62-27.el8_9.noarch.rpm | 99bd24a5a2ad5ab1fb78bf9c12ceca4d | - | ol8_x86_64_appstream |
| | tomcat-webapps-9.0.62-27.el8_9.noarch.rpm | 3a3f342d39f53fdf844ce55c9d994f50 | - | ol8_x86_64_appstream |



This page is generated automatically and has not been checked for errors or omissions. For clarification or corrections, please contact the Oracle Linux ULN team.
