ELSA-2024-0125

ULN >
Oracle Linux Errata repository >
ELSA-2024-0125

ELSA-2024-0125 - tomcat security update

Type:	SECURITY
Impact:	MODERATE
Release Date:	2024-01-11

Description

[1:9.0.62-27.2]
- Open Redirect vulnerability in FORM authentication (CVE-2023-41080)
- FileUpload: DoS due to accumulation of temporary files on Windows (CVE-2023-42794)
- improper cleaning of recycled objects could lead to information leak (CVE-2023-42795)
- incorrectly parsed http trailer headers can cause request smuggling (CVE-2023-45648)

Related CVEs

Updated Packages

Release/Architecture	Filename	sha256	Superseded By Advisory	Channel Label

Oracle Linux 8 (aarch64)	tomcat-9.0.62-27.el8_9.2.src.rpm	05bbfaa946c785fe9d6f1c602f5e6f6cef5df84ead0c646a0ccba0283227f542	-	ol8_aarch64_appstream
	tomcat-9.0.62-27.el8_9.2.noarch.rpm	a6b9aa82bfe302d912ac6e60787b0180c7b88175812e24428bfba218fcc8a895	-	ol8_aarch64_appstream
	tomcat-admin-webapps-9.0.62-27.el8_9.2.noarch.rpm	386a9ebdb565f0c1a0d76647c9cae994c40357f846aaf70ae5a5d9065b5333f1	-	ol8_aarch64_appstream
	tomcat-docs-webapp-9.0.62-27.el8_9.2.noarch.rpm	24ae6884a8b1947991946ee33276ad6786dd96106346e2e1c32d2f912254fe6b	-	ol8_aarch64_appstream
	tomcat-el-3.0-api-9.0.62-27.el8_9.2.noarch.rpm	ec7093d5b1a2d2147f04336fb86e4b1cfe7f0f6541fb4035dc3629acf1ad5e26	-	ol8_aarch64_appstream
	tomcat-jsp-2.3-api-9.0.62-27.el8_9.2.noarch.rpm	25f5df940beafc55c8e0da91911dc85355ea56d25a0989823dd477a255c4c2d9	-	ol8_aarch64_appstream
	tomcat-lib-9.0.62-27.el8_9.2.noarch.rpm	0137b05e95ed762d6acc7b5e2731037ec707e355ddd6d91613af132e523fea0c	-	ol8_aarch64_appstream
	tomcat-servlet-4.0-api-9.0.62-27.el8_9.2.noarch.rpm	bf919743db4d5815f3e6fa7bca73850d7d886798324426a026eb2f2acf9d682f	-	ol8_aarch64_appstream
	tomcat-webapps-9.0.62-27.el8_9.2.noarch.rpm	9aa9dc148dab9d825588b1a1982300e5cc12ff280ef5920cda7b55aedd4446ed	-	ol8_aarch64_appstream

Oracle Linux 8 (x86_64)	tomcat-9.0.62-27.el8_9.2.src.rpm	05bbfaa946c785fe9d6f1c602f5e6f6cef5df84ead0c646a0ccba0283227f542	-	ol8_x86_64_appstream
	tomcat-9.0.62-27.el8_9.2.noarch.rpm	a6b9aa82bfe302d912ac6e60787b0180c7b88175812e24428bfba218fcc8a895	-	ol8_x86_64_appstream
	tomcat-admin-webapps-9.0.62-27.el8_9.2.noarch.rpm	386a9ebdb565f0c1a0d76647c9cae994c40357f846aaf70ae5a5d9065b5333f1	-	ol8_x86_64_appstream
	tomcat-docs-webapp-9.0.62-27.el8_9.2.noarch.rpm	24ae6884a8b1947991946ee33276ad6786dd96106346e2e1c32d2f912254fe6b	-	ol8_x86_64_appstream
	tomcat-el-3.0-api-9.0.62-27.el8_9.2.noarch.rpm	ec7093d5b1a2d2147f04336fb86e4b1cfe7f0f6541fb4035dc3629acf1ad5e26	-	ol8_x86_64_appstream
	tomcat-jsp-2.3-api-9.0.62-27.el8_9.2.noarch.rpm	25f5df940beafc55c8e0da91911dc85355ea56d25a0989823dd477a255c4c2d9	-	ol8_x86_64_appstream
	tomcat-lib-9.0.62-27.el8_9.2.noarch.rpm	0137b05e95ed762d6acc7b5e2731037ec707e355ddd6d91613af132e523fea0c	-	ol8_x86_64_appstream
	tomcat-servlet-4.0-api-9.0.62-27.el8_9.2.noarch.rpm	bf919743db4d5815f3e6fa7bca73850d7d886798324426a026eb2f2acf9d682f	-	ol8_x86_64_appstream
	tomcat-webapps-9.0.62-27.el8_9.2.noarch.rpm	9aa9dc148dab9d825588b1a1982300e5cc12ff280ef5920cda7b55aedd4446ed	-	ol8_x86_64_appstream

This page is generated automatically and has not been checked for errors or omissions. For clarification or corrections please contact the Oracle Linux ULN team

Technical information

Oracle Linux Support

Connect

Contact Us

Global contacts
Oracle 1-800-633-0691