ELSA-2025-11333

ULN >
Oracle Linux Errata repository >
ELSA-2025-11333

ELSA-2025-11333 - tomcat security update

Type:	SECURITY
Impact:	IMPORTANT
Release Date:	2025-07-16

Description

[1:9.0.87-1.el8_10.4]
- Resolves: RHEL-91761
tomcat: DoS via malformed HTTP/2 PRIORITY_UPDATE frame (CVE-2025-31650)
- Resolves: RHEL-71971
tomcat: Incomplete fix for CVE-2024-50379 - RCE due to TOCTOU issue in JSP compilation (CVE-2024-56337)

Related CVEs

CVE-2024-56337

CVE-2025-31650

Updated Packages

Release/Architecture	Filename	sha256	Superseded By Advisory	Channel Label

Oracle Linux 8 (aarch64)	tomcat-9.0.87-1.el8_10.4.src.rpm	d6b1bb2d52d0dc7ecdbff3dcb04afe5ced7ffd03219fa6fa1bae2ed086125882	-	ol8_aarch64_appstream
	tomcat-9.0.87-1.el8_10.4.noarch.rpm	cfdb935276eb9c07bb0878117f3074ae291b15cfdb6124427907b1c9af112a30	-	ol8_aarch64_appstream
	tomcat-admin-webapps-9.0.87-1.el8_10.4.noarch.rpm	b867e0a4c82d0efffc7d87b8fa2a34060bef338186cabe6c9e462a0631a4eaaa	-	ol8_aarch64_appstream
	tomcat-docs-webapp-9.0.87-1.el8_10.4.noarch.rpm	a819aed0935a01ef4feb0bd8d1167c4722e0be7f3681331281550a95f6e65e08	-	ol8_aarch64_appstream
	tomcat-el-3.0-api-9.0.87-1.el8_10.4.noarch.rpm	83f410443dcdb1be2be23f5f6bf88a75022a9d856dc5d550fa7e25fa08079402	-	ol8_aarch64_appstream
	tomcat-jsp-2.3-api-9.0.87-1.el8_10.4.noarch.rpm	68fde0b1ee6599d386f2e7af635c70dfa88b09190e95180efbda61fa4d088169	-	ol8_aarch64_appstream
	tomcat-lib-9.0.87-1.el8_10.4.noarch.rpm	894d09e22432e5e0cde0eb6e3a8eb36dadf255ad9fb116905b77055a3955c8c7	-	ol8_aarch64_appstream
	tomcat-servlet-4.0-api-9.0.87-1.el8_10.4.noarch.rpm	990ea878ca9e4edd65e10d50e011ee2bb824133bf045b738e24f655090fa064b	-	ol8_aarch64_appstream
	tomcat-webapps-9.0.87-1.el8_10.4.noarch.rpm	9fe5adfb69ff7d14941ee7cbf93b71f2c78aad19c433bc15ba2bbc1c85aaec71	-	ol8_aarch64_appstream

Oracle Linux 8 (x86_64)	tomcat-9.0.87-1.el8_10.4.src.rpm	d6b1bb2d52d0dc7ecdbff3dcb04afe5ced7ffd03219fa6fa1bae2ed086125882	-	ol8_x86_64_appstream
	tomcat-9.0.87-1.el8_10.4.noarch.rpm	cfdb935276eb9c07bb0878117f3074ae291b15cfdb6124427907b1c9af112a30	-	ol8_x86_64_appstream
	tomcat-admin-webapps-9.0.87-1.el8_10.4.noarch.rpm	b867e0a4c82d0efffc7d87b8fa2a34060bef338186cabe6c9e462a0631a4eaaa	-	ol8_x86_64_appstream
	tomcat-docs-webapp-9.0.87-1.el8_10.4.noarch.rpm	a819aed0935a01ef4feb0bd8d1167c4722e0be7f3681331281550a95f6e65e08	-	ol8_x86_64_appstream
	tomcat-el-3.0-api-9.0.87-1.el8_10.4.noarch.rpm	83f410443dcdb1be2be23f5f6bf88a75022a9d856dc5d550fa7e25fa08079402	-	ol8_x86_64_appstream
	tomcat-jsp-2.3-api-9.0.87-1.el8_10.4.noarch.rpm	68fde0b1ee6599d386f2e7af635c70dfa88b09190e95180efbda61fa4d088169	-	ol8_x86_64_appstream
	tomcat-lib-9.0.87-1.el8_10.4.noarch.rpm	894d09e22432e5e0cde0eb6e3a8eb36dadf255ad9fb116905b77055a3955c8c7	-	ol8_x86_64_appstream
	tomcat-servlet-4.0-api-9.0.87-1.el8_10.4.noarch.rpm	990ea878ca9e4edd65e10d50e011ee2bb824133bf045b738e24f655090fa064b	-	ol8_x86_64_appstream
	tomcat-webapps-9.0.87-1.el8_10.4.noarch.rpm	9fe5adfb69ff7d14941ee7cbf93b71f2c78aad19c433bc15ba2bbc1c85aaec71	-	ol8_x86_64_appstream

This page is generated automatically and has not been checked for errors or omissions. For clarification or corrections please contact the Oracle Linux ULN team

Technical information

Oracle Linux Support

Connect

Contact Us

Global contacts
Oracle 1-800-633-0691