ELSA-2025-14181

ULN >
Oracle Linux Errata repository >
ELSA-2025-14181

ELSA-2025-14181 - tomcat security update

Type:	SECURITY
Impact:	IMPORTANT
Release Date:	2025-08-20

Description

[1:9.0.87-3.el9_6.3]
- Resolves: RHEL-102200
tomcat: http/2 'MadeYouReset' DoS attack through HTTP/2 control frames (CVE-2025-48989)

[1:9.0.87-3.el9_6.2]
- Resolves: RHEL-108491
tomcat: Apache Commons FileUpload DOS via part headers (CVE-2025-48976)
- Resolves: RHEL-108499
tomcat: Dos in multipart upload (CVE-2025-48988)
- Resolves: RHEL-108507
tomcat: Security constraint bypass for pre/post-resources (CVE-2025-49125)
- Resolves: RHEL-108515
tomcat: Denial of service (CVE-2025-52434)
- Resolves: RHEL-108531
tomcat: Denial of service (CVE-2025-52520)
- Resolves: RHEL-108527
tomcat: Denial of service (CVE-2025-53506)

Related CVEs

Updated Packages

Release/Architecture	Filename	sha256	Superseded By Advisory	Channel Label

Oracle Linux 9 (aarch64)	tomcat-9.0.87-3.el9_6.3.src.rpm	b9706f31903dcb938aad1548f67cb70e74981040b753ad0367d97d31234e3a0f	-	ol9_aarch64_appstream
	tomcat-9.0.87-3.el9_6.3.noarch.rpm	b24709c6378b9cbefc14472be0b1c0781a75ea42ab316bf72f02c796ee544bbd	-	ol9_aarch64_appstream
	tomcat-admin-webapps-9.0.87-3.el9_6.3.noarch.rpm	1167eebe5df24259f6f2d37e757b8ab25e852c3d2029150bbf5c22ffe55af534	-	ol9_aarch64_appstream
	tomcat-docs-webapp-9.0.87-3.el9_6.3.noarch.rpm	68f1e8f2bd34161e149947efc77f93ed4ed298293a293c3633867b8e1586d880	-	ol9_aarch64_appstream
	tomcat-el-3.0-api-9.0.87-3.el9_6.3.noarch.rpm	509f5b78c58e93008e1e559030096545a64a5c1e5425ec7a1c3794e03f078109	-	ol9_aarch64_appstream
	tomcat-jsp-2.3-api-9.0.87-3.el9_6.3.noarch.rpm	e87f4f7114fa2ee77772203a17ce781874f0c964f0eff211ad70e797b7041601	-	ol9_aarch64_appstream
	tomcat-lib-9.0.87-3.el9_6.3.noarch.rpm	b69389f26f01bf6d68c8e7f102998efc1280f4fc53a8ef17c8a1aa2a31ef4000	-	ol9_aarch64_appstream
	tomcat-servlet-4.0-api-9.0.87-3.el9_6.3.noarch.rpm	f23ca064bdb36a41784bb376478b5e5a5d1710cf85fcc64c04a319f67632f853	-	ol9_aarch64_appstream
	tomcat-webapps-9.0.87-3.el9_6.3.noarch.rpm	753e6e8eb86737c2eb0f75bceadf72d465693fa1dfa20db5e4e808fe352b1985	-	ol9_aarch64_appstream

Oracle Linux 9 (x86_64)	tomcat-9.0.87-3.el9_6.3.src.rpm	b9706f31903dcb938aad1548f67cb70e74981040b753ad0367d97d31234e3a0f	-	ol9_x86_64_appstream
	tomcat-9.0.87-3.el9_6.3.noarch.rpm	b24709c6378b9cbefc14472be0b1c0781a75ea42ab316bf72f02c796ee544bbd	-	ol9_x86_64_appstream
	tomcat-admin-webapps-9.0.87-3.el9_6.3.noarch.rpm	1167eebe5df24259f6f2d37e757b8ab25e852c3d2029150bbf5c22ffe55af534	-	ol9_x86_64_appstream
	tomcat-docs-webapp-9.0.87-3.el9_6.3.noarch.rpm	68f1e8f2bd34161e149947efc77f93ed4ed298293a293c3633867b8e1586d880	-	ol9_x86_64_appstream
	tomcat-el-3.0-api-9.0.87-3.el9_6.3.noarch.rpm	509f5b78c58e93008e1e559030096545a64a5c1e5425ec7a1c3794e03f078109	-	ol9_x86_64_appstream
	tomcat-jsp-2.3-api-9.0.87-3.el9_6.3.noarch.rpm	e87f4f7114fa2ee77772203a17ce781874f0c964f0eff211ad70e797b7041601	-	ol9_x86_64_appstream
	tomcat-lib-9.0.87-3.el9_6.3.noarch.rpm	b69389f26f01bf6d68c8e7f102998efc1280f4fc53a8ef17c8a1aa2a31ef4000	-	ol9_x86_64_appstream
	tomcat-servlet-4.0-api-9.0.87-3.el9_6.3.noarch.rpm	f23ca064bdb36a41784bb376478b5e5a5d1710cf85fcc64c04a319f67632f853	-	ol9_x86_64_appstream
	tomcat-webapps-9.0.87-3.el9_6.3.noarch.rpm	753e6e8eb86737c2eb0f75bceadf72d465693fa1dfa20db5e4e808fe352b1985	-	ol9_x86_64_appstream

This page is generated automatically and has not been checked for errors or omissions. For clarification or corrections please contact the Oracle Linux ULN team

Technical information

Oracle Linux Support

Connect

Contact Us

Global contacts
Oracle 1-800-633-0691