ELSA-2025-7497

ELSA-2025-7497 - tomcat security update

Type:SECURITY
Impact:MODERATE
Release Date:2025-06-27

Description


[1:10.1.36-1]
- Rebase tomcat to 10.1.36
- Resolves: RHEL-82925
tomcat: Potential RCE and/or information disclosure and/or information corruption with partial PUT (CVE-2025-24813)
- Resolves: RHEL-87272
tomcat: DoS in examples web application (CVE-2024-54677)
- Resolves: RHEL-87273
tomcat: Authentication bypass when using Jakarta Authentication API (CVE-2024-52316)
- Resolves: RHEL-85343 - NoClassDefFoundError when using migration tool


Related CVEs


CVE-2024-52316
CVE-2024-54677
CVE-2025-24813

Updated Packages


Release/ArchitectureFilenamesha256Superseded By AdvisoryChannel Label
Oracle Linux 10 (aarch64) tomcat-10.1.36-1.el10_0.src.rpm95f48d45088a73af01fae62cbea39f17c64a9218fbf88333af5b11496651c263-ol10_aarch64_appstream
tomcat-10.1.36-1.el10_0.noarch.rpm4982ba760aee1aa0f4ca8c15577c39e6e445e0a789a9b0dfb3e75601a4d0b180-ol10_aarch64_appstream
tomcat-admin-webapps-10.1.36-1.el10_0.noarch.rpm9d16177c9cfa646c4ed63d9ea7664e6db0220dcf806e01610bbc2afe94f98c51-ol10_aarch64_appstream
tomcat-docs-webapp-10.1.36-1.el10_0.noarch.rpmfadeac9001b893bcbc2c08bc135b4a430191dd9544edd075ac76ab8d4dd48e6f-ol10_aarch64_appstream
tomcat-el-5.0-api-10.1.36-1.el10_0.noarch.rpmb3a786fff8c62a078bb2bd8542997da324056a6c10ab61a7c198ffb58004b30b-ol10_aarch64_appstream
tomcat-jsp-3.1-api-10.1.36-1.el10_0.noarch.rpmd92aaf8bb85b731a46f1002b2d300c8ef629bedf9bbae5439e10ce852e8eb228-ol10_aarch64_appstream
tomcat-lib-10.1.36-1.el10_0.noarch.rpm65edb861dfe392ab189582ceafce8bdfa998ea1e9e9cdbbf404a7ef6b3831f3b-ol10_aarch64_appstream
tomcat-servlet-6.0-api-10.1.36-1.el10_0.noarch.rpmf0531d5ac221ad6269c52b6f231d7b89aa884c6a98afe83fcdea71d11761eb37-ol10_aarch64_appstream
tomcat-webapps-10.1.36-1.el10_0.noarch.rpmb287c9eb03533553cc94589e9d53f57e228dedd1912cc0c8aa1964a7dfdd2dce-ol10_aarch64_appstream
Oracle Linux 10 (x86_64) tomcat-10.1.36-1.el10_0.src.rpm95f48d45088a73af01fae62cbea39f17c64a9218fbf88333af5b11496651c263-ol10_x86_64_appstream
tomcat-10.1.36-1.el10_0.noarch.rpm4982ba760aee1aa0f4ca8c15577c39e6e445e0a789a9b0dfb3e75601a4d0b180-ol10_x86_64_appstream
tomcat-admin-webapps-10.1.36-1.el10_0.noarch.rpm9d16177c9cfa646c4ed63d9ea7664e6db0220dcf806e01610bbc2afe94f98c51-ol10_x86_64_appstream
tomcat-docs-webapp-10.1.36-1.el10_0.noarch.rpmfadeac9001b893bcbc2c08bc135b4a430191dd9544edd075ac76ab8d4dd48e6f-ol10_x86_64_appstream
tomcat-el-5.0-api-10.1.36-1.el10_0.noarch.rpmb3a786fff8c62a078bb2bd8542997da324056a6c10ab61a7c198ffb58004b30b-ol10_x86_64_appstream
tomcat-jsp-3.1-api-10.1.36-1.el10_0.noarch.rpmd92aaf8bb85b731a46f1002b2d300c8ef629bedf9bbae5439e10ce852e8eb228-ol10_x86_64_appstream
tomcat-lib-10.1.36-1.el10_0.noarch.rpm65edb861dfe392ab189582ceafce8bdfa998ea1e9e9cdbbf404a7ef6b3831f3b-ol10_x86_64_appstream
tomcat-servlet-6.0-api-10.1.36-1.el10_0.noarch.rpmf0531d5ac221ad6269c52b6f231d7b89aa884c6a98afe83fcdea71d11761eb37-ol10_x86_64_appstream
tomcat-webapps-10.1.36-1.el10_0.noarch.rpmb287c9eb03533553cc94589e9d53f57e228dedd1912cc0c8aa1964a7dfdd2dce-ol10_x86_64_appstream



This page is generated automatically and has not been checked for errors or omissions. For clarification or corrections please contact the Oracle Linux ULN team

software.hardware.complete