ELSA-2025-14179

ULN >
Oracle Linux Errata repository >
ELSA-2025-14179

ELSA-2025-14179 - tomcat security update

Type:	SECURITY
Impact:	IMPORTANT
Release Date:	2025-08-22

Description

[1:10.1.36-1.2]
- tomcat: Apache Tomcat DoS in multipart upload (CVE-2025-48988)
- tomcat: Apache Tomcat: Security constraint bypass for pre/post-resources (CVE-2025-49125)
- apache-commons-fileupload: Apache Commons FileUpload DoS via part headers (CVE-2025-48976)
- tomcat: http/2 'MadeYouReset' DoS attack through HTTP/2 control frames (CVE-2025-48989)
- tomcat: Apache Tomcat denial of service (CVE-2025-52520)
- tomcat: Apache Tomcat denial of service (CVE-2025-53506)

Related CVEs

Updated Packages

Release/Architecture	Filename	sha256	Superseded By Advisory	Channel Label

Oracle Linux 10 (aarch64)	tomcat-10.1.36-1.el10_0.2.src.rpm	2407d3bc1b8efd14613a49dde9536d55d47e96f222394124510c2c6777d65c33	-	ol10_aarch64_appstream
	tomcat-10.1.36-1.el10_0.2.noarch.rpm	1947fbb71b58133e8a887ea74ded7be51102f744a52ac306f1f830d3d4895e96	-	ol10_aarch64_appstream
	tomcat-admin-webapps-10.1.36-1.el10_0.2.noarch.rpm	6689b498e20b33413d71c69d5bc0e448096f77d516f7aabbb2678381870f4132	-	ol10_aarch64_appstream
	tomcat-docs-webapp-10.1.36-1.el10_0.2.noarch.rpm	eb004a70922a28c2cd0d57a68666736d1018e7f595b7c267140d980519c3dd60	-	ol10_aarch64_appstream
	tomcat-el-5.0-api-10.1.36-1.el10_0.2.noarch.rpm	73ca4cbbf2de5317e33223ef5eb069945b0a3e23bf32ccc11c062bc10b8e4632	-	ol10_aarch64_appstream
	tomcat-jsp-3.1-api-10.1.36-1.el10_0.2.noarch.rpm	dc5f086b51914dce17eaca4bf5f586eb275786a0719f014d94b65fa06e35ff17	-	ol10_aarch64_appstream
	tomcat-lib-10.1.36-1.el10_0.2.noarch.rpm	775c41f90b1cf955919fa65554e094694f5b08892db49f1310604e1dbd9e6bec	-	ol10_aarch64_appstream
	tomcat-servlet-6.0-api-10.1.36-1.el10_0.2.noarch.rpm	d291a40d82c25121edb84de12817a1540ed91d4a4778889fb779a6b115130299	-	ol10_aarch64_appstream
	tomcat-webapps-10.1.36-1.el10_0.2.noarch.rpm	22e04c5bdad847ab6cb2eff5eae8d7b220759bdb31cbac016de6d1b944a4166d	-	ol10_aarch64_appstream

Oracle Linux 10 (x86_64)	tomcat-10.1.36-1.el10_0.2.src.rpm	2407d3bc1b8efd14613a49dde9536d55d47e96f222394124510c2c6777d65c33	-	ol10_x86_64_appstream
	tomcat-10.1.36-1.el10_0.2.noarch.rpm	1947fbb71b58133e8a887ea74ded7be51102f744a52ac306f1f830d3d4895e96	-	ol10_x86_64_appstream
	tomcat-admin-webapps-10.1.36-1.el10_0.2.noarch.rpm	6689b498e20b33413d71c69d5bc0e448096f77d516f7aabbb2678381870f4132	-	ol10_x86_64_appstream
	tomcat-docs-webapp-10.1.36-1.el10_0.2.noarch.rpm	eb004a70922a28c2cd0d57a68666736d1018e7f595b7c267140d980519c3dd60	-	ol10_x86_64_appstream
	tomcat-el-5.0-api-10.1.36-1.el10_0.2.noarch.rpm	73ca4cbbf2de5317e33223ef5eb069945b0a3e23bf32ccc11c062bc10b8e4632	-	ol10_x86_64_appstream
	tomcat-jsp-3.1-api-10.1.36-1.el10_0.2.noarch.rpm	dc5f086b51914dce17eaca4bf5f586eb275786a0719f014d94b65fa06e35ff17	-	ol10_x86_64_appstream
	tomcat-lib-10.1.36-1.el10_0.2.noarch.rpm	775c41f90b1cf955919fa65554e094694f5b08892db49f1310604e1dbd9e6bec	-	ol10_x86_64_appstream
	tomcat-servlet-6.0-api-10.1.36-1.el10_0.2.noarch.rpm	d291a40d82c25121edb84de12817a1540ed91d4a4778889fb779a6b115130299	-	ol10_x86_64_appstream
	tomcat-webapps-10.1.36-1.el10_0.2.noarch.rpm	22e04c5bdad847ab6cb2eff5eae8d7b220759bdb31cbac016de6d1b944a4166d	-	ol10_x86_64_appstream

This page is generated automatically and has not been checked for errors or omissions. For clarification or corrections please contact the Oracle Linux ULN team

Technical information

Oracle Linux Support

Connect

Contact Us

Global contacts
Oracle 1-800-633-0691