ELSA-2025-7497

ULN >
Oracle Linux Errata repository >
ELSA-2025-7497

ELSA-2025-7497 - tomcat security update

Type:	SECURITY
Impact:	MODERATE
Release Date:	2025-06-27

Description

[1:10.1.36-1]
- Rebase tomcat to 10.1.36
- Resolves: RHEL-82925
tomcat: Potential RCE and/or information disclosure and/or information corruption with partial PUT (CVE-2025-24813)
- Resolves: RHEL-87272
tomcat: DoS in examples web application (CVE-2024-54677)
- Resolves: RHEL-87273
tomcat: Authentication bypass when using Jakarta Authentication API (CVE-2024-52316)
- Resolves: RHEL-85343 - NoClassDefFoundError when using migration tool

Related CVEs

CVE-2024-52316

CVE-2024-54677

CVE-2025-24813

Updated Packages

Release/Architecture	Filename	sha256	Superseded By Advisory	Channel Label

Oracle Linux 10 (aarch64)	tomcat-10.1.36-1.el10_0.src.rpm	95f48d45088a73af01fae62cbea39f17c64a9218fbf88333af5b11496651c263	-	ol10_aarch64_appstream
	tomcat-10.1.36-1.el10_0.noarch.rpm	4982ba760aee1aa0f4ca8c15577c39e6e445e0a789a9b0dfb3e75601a4d0b180	-	ol10_aarch64_appstream
	tomcat-admin-webapps-10.1.36-1.el10_0.noarch.rpm	9d16177c9cfa646c4ed63d9ea7664e6db0220dcf806e01610bbc2afe94f98c51	-	ol10_aarch64_appstream
	tomcat-docs-webapp-10.1.36-1.el10_0.noarch.rpm	fadeac9001b893bcbc2c08bc135b4a430191dd9544edd075ac76ab8d4dd48e6f	-	ol10_aarch64_appstream
	tomcat-el-5.0-api-10.1.36-1.el10_0.noarch.rpm	b3a786fff8c62a078bb2bd8542997da324056a6c10ab61a7c198ffb58004b30b	-	ol10_aarch64_appstream
	tomcat-jsp-3.1-api-10.1.36-1.el10_0.noarch.rpm	d92aaf8bb85b731a46f1002b2d300c8ef629bedf9bbae5439e10ce852e8eb228	-	ol10_aarch64_appstream
	tomcat-lib-10.1.36-1.el10_0.noarch.rpm	65edb861dfe392ab189582ceafce8bdfa998ea1e9e9cdbbf404a7ef6b3831f3b	-	ol10_aarch64_appstream
	tomcat-servlet-6.0-api-10.1.36-1.el10_0.noarch.rpm	f0531d5ac221ad6269c52b6f231d7b89aa884c6a98afe83fcdea71d11761eb37	-	ol10_aarch64_appstream
	tomcat-webapps-10.1.36-1.el10_0.noarch.rpm	b287c9eb03533553cc94589e9d53f57e228dedd1912cc0c8aa1964a7dfdd2dce	-	ol10_aarch64_appstream

Oracle Linux 10 (x86_64)	tomcat-10.1.36-1.el10_0.src.rpm	95f48d45088a73af01fae62cbea39f17c64a9218fbf88333af5b11496651c263	-	ol10_x86_64_appstream
	tomcat-10.1.36-1.el10_0.noarch.rpm	4982ba760aee1aa0f4ca8c15577c39e6e445e0a789a9b0dfb3e75601a4d0b180	-	ol10_x86_64_appstream
	tomcat-admin-webapps-10.1.36-1.el10_0.noarch.rpm	9d16177c9cfa646c4ed63d9ea7664e6db0220dcf806e01610bbc2afe94f98c51	-	ol10_x86_64_appstream
	tomcat-docs-webapp-10.1.36-1.el10_0.noarch.rpm	fadeac9001b893bcbc2c08bc135b4a430191dd9544edd075ac76ab8d4dd48e6f	-	ol10_x86_64_appstream
	tomcat-el-5.0-api-10.1.36-1.el10_0.noarch.rpm	b3a786fff8c62a078bb2bd8542997da324056a6c10ab61a7c198ffb58004b30b	-	ol10_x86_64_appstream
	tomcat-jsp-3.1-api-10.1.36-1.el10_0.noarch.rpm	d92aaf8bb85b731a46f1002b2d300c8ef629bedf9bbae5439e10ce852e8eb228	-	ol10_x86_64_appstream
	tomcat-lib-10.1.36-1.el10_0.noarch.rpm	65edb861dfe392ab189582ceafce8bdfa998ea1e9e9cdbbf404a7ef6b3831f3b	-	ol10_x86_64_appstream
	tomcat-servlet-6.0-api-10.1.36-1.el10_0.noarch.rpm	f0531d5ac221ad6269c52b6f231d7b89aa884c6a98afe83fcdea71d11761eb37	-	ol10_x86_64_appstream
	tomcat-webapps-10.1.36-1.el10_0.noarch.rpm	b287c9eb03533553cc94589e9d53f57e228dedd1912cc0c8aa1964a7dfdd2dce	-	ol10_x86_64_appstream

This page is generated automatically and has not been checked for errors or omissions. For clarification or corrections please contact the Oracle Linux ULN team

Technical information

Oracle Linux Support

Connect

Contact Us

Global contacts
Oracle 1-800-633-0691