ELSA-2025-11335

ULN >
Oracle Linux Errata repository >
ELSA-2025-11335

ELSA-2025-11335 - tomcat security update

Type:	SECURITY
Impact:	IMPORTANT
Release Date:	2025-07-16

Description

[1:9.0.87-3.el9_6.1]
- Resolves: RHEL-91765
tomcat: DoS via malformed HTTP/2 PRIORITY_UPDATE frame (CVE-2025-31650)
- Resolves: RHEL-71981
tomcat: Incomplete fix for CVE-2024-50379 - RCE due to TOCTOU issue in JSP compilation (CVE-2024-56337)

[1:9.0.87-3]
- Resolves: RHEL-82945
tomcat: Potential RCE and/or information disclosure and/or information corruption with partial PUT (CVE-2025-24813)
- Resolves: RHEL-71723
tomcat: RCE due to TOCTOU issue in JSP compilation (CVE-2024-50379)

Related CVEs

CVE-2025-31650

CVE-2024-56337

Updated Packages

Release/Architecture	Filename	sha256	Superseded By Advisory	Channel Label

Oracle Linux 9 (aarch64)	tomcat-9.0.87-3.el9_6.1.src.rpm	c7af900b9f8196c4695e5b290de5a5e34dfa9d32c276843c2f96b8e973bafc04	-	ol9_aarch64_appstream
	tomcat-9.0.87-3.el9_6.1.noarch.rpm	eefc1dcb3495cf8cf8f4f64be17a62ed367a4545ffdc19beb5c92ee2ad524e78	-	ol9_aarch64_appstream
	tomcat-admin-webapps-9.0.87-3.el9_6.1.noarch.rpm	d0180a8cbf17dc02aca1408e1bbdd60d0f5388876d41749004762089395ff944	-	ol9_aarch64_appstream
	tomcat-docs-webapp-9.0.87-3.el9_6.1.noarch.rpm	c0960be488f8d79b7c2e8e0fa16620b2223a48c3a16afe9783429530dc97dbe9	-	ol9_aarch64_appstream
	tomcat-el-3.0-api-9.0.87-3.el9_6.1.noarch.rpm	d144d68c7b934c5c6ebf5de5b131da0838793b8d68b98fa8978a64c44e517797	-	ol9_aarch64_appstream
	tomcat-jsp-2.3-api-9.0.87-3.el9_6.1.noarch.rpm	b0ca49fa4d05c761709435878c4b601882b0e05b7b82c129a7426d61bee2926a	-	ol9_aarch64_appstream
	tomcat-lib-9.0.87-3.el9_6.1.noarch.rpm	1259919fe4f0b62ece2723a5b306101062e64e396d43f79a8e47275ea0a10a00	-	ol9_aarch64_appstream
	tomcat-servlet-4.0-api-9.0.87-3.el9_6.1.noarch.rpm	891e7690c95131a88c6f655ca9a47b41ae7b27a362cdd1880b902fddfed50fb1	-	ol9_aarch64_appstream
	tomcat-webapps-9.0.87-3.el9_6.1.noarch.rpm	fd564c0627584a589a24eb2ee8aa363e5a363bda5243da4f27b9746506897e52	-	ol9_aarch64_appstream

Oracle Linux 9 (x86_64)	tomcat-9.0.87-3.el9_6.1.src.rpm	c7af900b9f8196c4695e5b290de5a5e34dfa9d32c276843c2f96b8e973bafc04	-	ol9_x86_64_appstream
	tomcat-9.0.87-3.el9_6.1.noarch.rpm	eefc1dcb3495cf8cf8f4f64be17a62ed367a4545ffdc19beb5c92ee2ad524e78	-	ol9_x86_64_appstream
	tomcat-admin-webapps-9.0.87-3.el9_6.1.noarch.rpm	d0180a8cbf17dc02aca1408e1bbdd60d0f5388876d41749004762089395ff944	-	ol9_x86_64_appstream
	tomcat-docs-webapp-9.0.87-3.el9_6.1.noarch.rpm	c0960be488f8d79b7c2e8e0fa16620b2223a48c3a16afe9783429530dc97dbe9	-	ol9_x86_64_appstream
	tomcat-el-3.0-api-9.0.87-3.el9_6.1.noarch.rpm	d144d68c7b934c5c6ebf5de5b131da0838793b8d68b98fa8978a64c44e517797	-	ol9_x86_64_appstream
	tomcat-jsp-2.3-api-9.0.87-3.el9_6.1.noarch.rpm	b0ca49fa4d05c761709435878c4b601882b0e05b7b82c129a7426d61bee2926a	-	ol9_x86_64_appstream
	tomcat-lib-9.0.87-3.el9_6.1.noarch.rpm	1259919fe4f0b62ece2723a5b306101062e64e396d43f79a8e47275ea0a10a00	-	ol9_x86_64_appstream
	tomcat-servlet-4.0-api-9.0.87-3.el9_6.1.noarch.rpm	891e7690c95131a88c6f655ca9a47b41ae7b27a362cdd1880b902fddfed50fb1	-	ol9_x86_64_appstream
	tomcat-webapps-9.0.87-3.el9_6.1.noarch.rpm	fd564c0627584a589a24eb2ee8aa363e5a363bda5243da4f27b9746506897e52	-	ol9_x86_64_appstream

This page is generated automatically and has not been checked for errors or omissions. For clarification or corrections please contact the Oracle Linux ULN team

Technical information

Oracle Linux Support

Connect

Contact Us

Global contacts
Oracle 1-800-633-0691