ELSA-2025-11332

ULN >
Oracle Linux Errata repository >
ELSA-2025-11332

ELSA-2025-11332 - tomcat9 security update

Type:	SECURITY
Impact:	IMPORTANT
Release Date:	2025-07-17

Description

[1:9.0.87-5.1]
- Resolves: RHEL-91765
tomcat: DoS via malformed HTTP/2 PRIORITY_UPDATE frame (CVE-2025-31650)
- Resolves: RHEL-71981
tomcat: Incomplete fix for CVE-2024-50379 - RCE due to TOCTOU issue in JSP compilation (CVE-2024-56337)

Related CVEs

CVE-2025-31650

CVE-2024-56337

Updated Packages

Release/Architecture	Filename	sha256	Superseded By Advisory	Channel Label

Oracle Linux 10 (aarch64)	tomcat9-9.0.87-5.el10_0.1.src.rpm	c0debf10eaec17108ec5045c734ceb98f2793f49f198bbd69abe26e7a6919060	-	ol10_aarch64_appstream
	tomcat9-9.0.87-5.el10_0.1.noarch.rpm	7b06ec5a1ef958df0a3a20df9826432a179b39dbf3218ea1059350a2637c1af8	-	ol10_aarch64_appstream
	tomcat9-admin-webapps-9.0.87-5.el10_0.1.noarch.rpm	417b8d62039d1544a4cb262c2b92fcf338f7b50c29a8b9d73413db084f90ad79	-	ol10_aarch64_appstream
	tomcat9-docs-webapp-9.0.87-5.el10_0.1.noarch.rpm	bb7c4a0dd19ca858b6ff9dea7b24e77721a31a7089ca5799fb281f3fcffe9d0e	-	ol10_aarch64_appstream
	tomcat9-el-3.0-api-9.0.87-5.el10_0.1.noarch.rpm	e3b980ad0771b4e71a083cdc478f5ca553011320f1fb5beb7dae6d7bba3356d9	-	ol10_aarch64_appstream
	tomcat9-jsp-2.3-api-9.0.87-5.el10_0.1.noarch.rpm	2b566c6ebab68b3f138c1bbd54408a981223c8f1336edfb143bb87ad3f206772	-	ol10_aarch64_appstream
	tomcat9-lib-9.0.87-5.el10_0.1.noarch.rpm	8acc3e93202e9e850b680f0fb058822a176e5dbeb5ff01f8477b0d8054323564	-	ol10_aarch64_appstream
	tomcat9-servlet-4.0-api-9.0.87-5.el10_0.1.noarch.rpm	71592a48a9300f51eb1b1a30f1ef86c7828d4a7bbb0c8c50c23cbe0d3b17292e	-	ol10_aarch64_appstream
	tomcat9-webapps-9.0.87-5.el10_0.1.noarch.rpm	38e1e920576b1ddb2f509fb7326d859898d1bfe181807478d4482e2c52392d64	-	ol10_aarch64_appstream

Oracle Linux 10 (x86_64)	tomcat9-9.0.87-5.el10_0.1.src.rpm	c0debf10eaec17108ec5045c734ceb98f2793f49f198bbd69abe26e7a6919060	-	ol10_x86_64_appstream
	tomcat9-9.0.87-5.el10_0.1.noarch.rpm	7b06ec5a1ef958df0a3a20df9826432a179b39dbf3218ea1059350a2637c1af8	-	ol10_x86_64_appstream
	tomcat9-admin-webapps-9.0.87-5.el10_0.1.noarch.rpm	417b8d62039d1544a4cb262c2b92fcf338f7b50c29a8b9d73413db084f90ad79	-	ol10_x86_64_appstream
	tomcat9-docs-webapp-9.0.87-5.el10_0.1.noarch.rpm	bb7c4a0dd19ca858b6ff9dea7b24e77721a31a7089ca5799fb281f3fcffe9d0e	-	ol10_x86_64_appstream
	tomcat9-el-3.0-api-9.0.87-5.el10_0.1.noarch.rpm	e3b980ad0771b4e71a083cdc478f5ca553011320f1fb5beb7dae6d7bba3356d9	-	ol10_x86_64_appstream
	tomcat9-jsp-2.3-api-9.0.87-5.el10_0.1.noarch.rpm	2b566c6ebab68b3f138c1bbd54408a981223c8f1336edfb143bb87ad3f206772	-	ol10_x86_64_appstream
	tomcat9-lib-9.0.87-5.el10_0.1.noarch.rpm	8acc3e93202e9e850b680f0fb058822a176e5dbeb5ff01f8477b0d8054323564	-	ol10_x86_64_appstream
	tomcat9-servlet-4.0-api-9.0.87-5.el10_0.1.noarch.rpm	71592a48a9300f51eb1b1a30f1ef86c7828d4a7bbb0c8c50c23cbe0d3b17292e	-	ol10_x86_64_appstream
	tomcat9-webapps-9.0.87-5.el10_0.1.noarch.rpm	38e1e920576b1ddb2f509fb7326d859898d1bfe181807478d4482e2c52392d64	-	ol10_x86_64_appstream

This page is generated automatically and has not been checked for errors or omissions. For clarification or corrections please contact the Oracle Linux ULN team

Technical information

Oracle Linux Support

Connect

Contact Us

Global contacts
Oracle 1-800-633-0691