ELSA-2024-0474

ULN >
Oracle Linux Errata repository >
ELSA-2024-0474

ELSA-2024-0474 - tomcat security update

Type:	SECURITY
Impact:	MODERATE
Release Date:	2024-01-25

Description

[1:9.0.62-37.el9_3.1]
- Resolves: #2235370 CVE-2023-41080 tomcat: Open Redirect vulnerability in FORM authentication
- Resolves: #2243749 CVE-2023-45648 tomcat: incorrectly parsed http trailer headers can cause request smuggling
- Resolves: #2243751 CVE-2023-42794 tomcat: FileUpload: DoS due to accumulation of temporary files on Windows
- Resolves: #2243752 CVE-2023-42795 tomcat: improper cleaning of recycled objects could lead to information leak

Related CVEs

Updated Packages

Release/Architecture	Filename	sha256	Superseded By Advisory	Channel Label

Oracle Linux 9 (aarch64)	tomcat-9.0.62-37.el9_3.1.src.rpm	038858df9aa2fa7e87eb28a85ba915aaf8f1cfd746a6459c092b6aa0bfba0c64	-	ol9_aarch64_appstream
	tomcat-9.0.62-37.el9_3.1.noarch.rpm	4940bc7cbbfd701a91958492676bfaee98b2df41b5e964055e946430892ec626	-	ol9_aarch64_appstream
	tomcat-admin-webapps-9.0.62-37.el9_3.1.noarch.rpm	ae7f94fe46a7146e55766c0d81dfcb0acf26ffc6b6088165b8eb600dfa171b66	-	ol9_aarch64_appstream
	tomcat-docs-webapp-9.0.62-37.el9_3.1.noarch.rpm	979e3e6f6fa4384088666cd945622bb10f73b411447b7a96e9ea564c2041b037	-	ol9_aarch64_appstream
	tomcat-el-3.0-api-9.0.62-37.el9_3.1.noarch.rpm	a63d1e8b365ae783f7a42c9fcd7a362e8bb658317d93c0991b6a19b95cded0a3	-	ol9_aarch64_appstream
	tomcat-jsp-2.3-api-9.0.62-37.el9_3.1.noarch.rpm	7c3292d5ffc918b06e1385b7fde9b48123cf79279ab0d8bd5894249837b4f3eb	-	ol9_aarch64_appstream
	tomcat-lib-9.0.62-37.el9_3.1.noarch.rpm	680786155b400852c39db189d758aa0b3ccc74d5e01eac891e355cefe7ba0e8a	-	ol9_aarch64_appstream
	tomcat-servlet-4.0-api-9.0.62-37.el9_3.1.noarch.rpm	52469e6467b7824a510ee3f2d04223a155265fc8a0cafd0d89ed360e0b514b8a	-	ol9_aarch64_appstream
	tomcat-webapps-9.0.62-37.el9_3.1.noarch.rpm	80565df6d8405ef38b7cd5061949f2b5652693f60506fc2155b4b9a6aac8bb21	-	ol9_aarch64_appstream

Oracle Linux 9 (x86_64)	tomcat-9.0.62-37.el9_3.1.src.rpm	038858df9aa2fa7e87eb28a85ba915aaf8f1cfd746a6459c092b6aa0bfba0c64	-	ol9_x86_64_appstream
	tomcat-9.0.62-37.el9_3.1.noarch.rpm	4940bc7cbbfd701a91958492676bfaee98b2df41b5e964055e946430892ec626	-	ol9_x86_64_appstream
	tomcat-admin-webapps-9.0.62-37.el9_3.1.noarch.rpm	ae7f94fe46a7146e55766c0d81dfcb0acf26ffc6b6088165b8eb600dfa171b66	-	ol9_x86_64_appstream
	tomcat-docs-webapp-9.0.62-37.el9_3.1.noarch.rpm	979e3e6f6fa4384088666cd945622bb10f73b411447b7a96e9ea564c2041b037	-	ol9_x86_64_appstream
	tomcat-el-3.0-api-9.0.62-37.el9_3.1.noarch.rpm	a63d1e8b365ae783f7a42c9fcd7a362e8bb658317d93c0991b6a19b95cded0a3	-	ol9_x86_64_appstream
	tomcat-jsp-2.3-api-9.0.62-37.el9_3.1.noarch.rpm	7c3292d5ffc918b06e1385b7fde9b48123cf79279ab0d8bd5894249837b4f3eb	-	ol9_x86_64_appstream
	tomcat-lib-9.0.62-37.el9_3.1.noarch.rpm	680786155b400852c39db189d758aa0b3ccc74d5e01eac891e355cefe7ba0e8a	-	ol9_x86_64_appstream
	tomcat-servlet-4.0-api-9.0.62-37.el9_3.1.noarch.rpm	52469e6467b7824a510ee3f2d04223a155265fc8a0cafd0d89ed360e0b514b8a	-	ol9_x86_64_appstream
	tomcat-webapps-9.0.62-37.el9_3.1.noarch.rpm	80565df6d8405ef38b7cd5061949f2b5652693f60506fc2155b4b9a6aac8bb21	-	ol9_x86_64_appstream

This page is generated automatically and has not been checked for errors or omissions. For clarification or corrections please contact the Oracle Linux ULN team

Technical information

Oracle Linux Support

Connect

Contact Us

Global contacts
Oracle 1-800-633-0691