ELSA-2025-3683

ULN >
Oracle Linux Errata repository >
ELSA-2025-3683

ELSA-2025-3683 - tomcat security update

Type:	SECURITY
Impact:	MODERATE
Release Date:	2025-04-08

Description

[1:9.0.87-1.el8_10.3]
- Resolves: RHEL-82934
tomcat: Potential RCE and/or information disclosure and/or information corruption with partial PUT (CVE-2025-24813)
- Resolves: RHEL-71708
tomcat: RCE due to TOCTOU issue in JSP compilation (CVE-2024-50379)

Related CVEs

CVE-2024-50379

CVE-2025-24813

Updated Packages

Release/Architecture	Filename	sha256	Superseded By Advisory	Channel Label

Oracle Linux 8 (aarch64)	tomcat-9.0.87-1.el8_10.3.src.rpm	abf6472803820481ec2b670a6c11df1111f9f3e799b2e9dd0b47206296cf6bc8	-	ol8_aarch64_appstream
	tomcat-9.0.87-1.el8_10.3.noarch.rpm	0f847091872a0a38f639fa11d15fffb06b2d2ed7ed58e43ddd8eee6d570cd765	-	ol8_aarch64_appstream
	tomcat-admin-webapps-9.0.87-1.el8_10.3.noarch.rpm	7fd3cf97af66358e237815040fcf8cd9920da6b2b2098bee0719adacf7c0ed16	-	ol8_aarch64_appstream
	tomcat-docs-webapp-9.0.87-1.el8_10.3.noarch.rpm	9e4482e1c69f7063e02cbc461c89637863977f688633fa71f8120ead45a395fe	-	ol8_aarch64_appstream
	tomcat-el-3.0-api-9.0.87-1.el8_10.3.noarch.rpm	57a08f0b46b29ce1a1f8a9a9b90177cd7192c67a2d875034efc505ca6eff451b	-	ol8_aarch64_appstream
	tomcat-jsp-2.3-api-9.0.87-1.el8_10.3.noarch.rpm	fb84b446a12cd2826c162acdb127b0cff4e30079f575e77a6676081d7c4875e4	-	ol8_aarch64_appstream
	tomcat-lib-9.0.87-1.el8_10.3.noarch.rpm	6c497ec68e607f7644e2459b35e13bb1834217fc8f7eb6aa2d0e696ce275e2ab	-	ol8_aarch64_appstream
	tomcat-servlet-4.0-api-9.0.87-1.el8_10.3.noarch.rpm	38e5de4d33735c67cc759ed0925202291abd2de0f01d55734c16bb66d9347bb9	-	ol8_aarch64_appstream
	tomcat-webapps-9.0.87-1.el8_10.3.noarch.rpm	9d68c52e6566d2893f7737dc70c22327a9989cbf402e18d35dff6d54fb866189	-	ol8_aarch64_appstream

Oracle Linux 8 (x86_64)	tomcat-9.0.87-1.el8_10.3.src.rpm	abf6472803820481ec2b670a6c11df1111f9f3e799b2e9dd0b47206296cf6bc8	-	ol8_x86_64_appstream
	tomcat-9.0.87-1.el8_10.3.noarch.rpm	0f847091872a0a38f639fa11d15fffb06b2d2ed7ed58e43ddd8eee6d570cd765	-	ol8_x86_64_appstream
	tomcat-admin-webapps-9.0.87-1.el8_10.3.noarch.rpm	7fd3cf97af66358e237815040fcf8cd9920da6b2b2098bee0719adacf7c0ed16	-	ol8_x86_64_appstream
	tomcat-docs-webapp-9.0.87-1.el8_10.3.noarch.rpm	9e4482e1c69f7063e02cbc461c89637863977f688633fa71f8120ead45a395fe	-	ol8_x86_64_appstream
	tomcat-el-3.0-api-9.0.87-1.el8_10.3.noarch.rpm	57a08f0b46b29ce1a1f8a9a9b90177cd7192c67a2d875034efc505ca6eff451b	-	ol8_x86_64_appstream
	tomcat-jsp-2.3-api-9.0.87-1.el8_10.3.noarch.rpm	fb84b446a12cd2826c162acdb127b0cff4e30079f575e77a6676081d7c4875e4	-	ol8_x86_64_appstream
	tomcat-lib-9.0.87-1.el8_10.3.noarch.rpm	6c497ec68e607f7644e2459b35e13bb1834217fc8f7eb6aa2d0e696ce275e2ab	-	ol8_x86_64_appstream
	tomcat-servlet-4.0-api-9.0.87-1.el8_10.3.noarch.rpm	38e5de4d33735c67cc759ed0925202291abd2de0f01d55734c16bb66d9347bb9	-	ol8_x86_64_appstream
	tomcat-webapps-9.0.87-1.el8_10.3.noarch.rpm	9d68c52e6566d2893f7737dc70c22327a9989cbf402e18d35dff6d54fb866189	-	ol8_x86_64_appstream

This page is generated automatically and has not been checked for errors or omissions. For clarification or corrections please contact the Oracle Linux ULN team

Technical information

Oracle Linux Support

Connect

Contact Us

Global contacts
Oracle 1-800-633-0691