Oracle Linux Security Advisory ELSA-2025-14177 http://linux.oracle.com/errata/ELSA-2025-14177.html
The following updated rpms for Oracle Linux 8 have been uploaded to the Unbreakable Linux Network: x86_64: tomcat-9.0.87-1.el8_10.6.noarch.rpm tomcat-admin-webapps-9.0.87-1.el8_10.6.noarch.rpm tomcat-docs-webapp-9.0.87-1.el8_10.6.noarch.rpm tomcat-el-3.0-api-9.0.87-1.el8_10.6.noarch.rpm tomcat-jsp-2.3-api-9.0.87-1.el8_10.6.noarch.rpm tomcat-lib-9.0.87-1.el8_10.6.noarch.rpm tomcat-servlet-4.0-api-9.0.87-1.el8_10.6.noarch.rpm tomcat-webapps-9.0.87-1.el8_10.6.noarch.rpm aarch64: tomcat-9.0.87-1.el8_10.6.noarch.rpm tomcat-admin-webapps-9.0.87-1.el8_10.6.noarch.rpm tomcat-docs-webapp-9.0.87-1.el8_10.6.noarch.rpm tomcat-el-3.0-api-9.0.87-1.el8_10.6.noarch.rpm tomcat-jsp-2.3-api-9.0.87-1.el8_10.6.noarch.rpm tomcat-lib-9.0.87-1.el8_10.6.noarch.rpm tomcat-servlet-4.0-api-9.0.87-1.el8_10.6.noarch.rpm tomcat-webapps-9.0.87-1.el8_10.6.noarch.rpm SRPMS: http://oss.oracle.com/ol8/SRPMS-updates/tomcat-9.0.87-1.el8_10.6.src.rpm Related CVEs: CVE-2025-48976 CVE-2025-48988 CVE-2025-48989 CVE-2025-49125 CVE-2025-52434 CVE-2025-52520 CVE-2025-53506 Description of changes: [1:9.0.87-1.el8_10.6] - Resolves: RHEL-102193 tomcat: http/2 "MadeYouReset" DoS attack through HTTP/2 control frames (CVE-2025-48989) [1:9.0.87-1.el8_10.5] - Resolves: RHEL-108486 tomcat: Apache Commons FileUpload DOS via part headers (CVE-2025-48976) - Resolves: RHEL-108494 tomcat: Dos in multipart upload (CVE-2025-48988) - Resolves: RHEL-108502 tomcat: Security constraint bypass for pre/post-resources (CVE-2025-49125) - Resolves: RHEL-108510 tomcat: Denial of service (CVE-2025-52434) - Resolves: RHEL-108524 tomcat: Denial of service (CVE-2025-52520) - Resolves: RHEL-108518 tomcat: Denial of service (CVE-2025-53506) _______________________________________________ El-errata mailing list [email protected] https://oss.oracle.com/mailman/listinfo/el-errata
