Oracle Linux Security Advisory ELSA-2025-14178 http://linux.oracle.com/errata/ELSA-2025-14178.html
The following updated rpms for Oracle Linux 10 have been uploaded to the Unbreakable Linux Network: x86_64: tomcat9-9.0.87-5.el10_0.3.noarch.rpm tomcat9-admin-webapps-9.0.87-5.el10_0.3.noarch.rpm tomcat9-docs-webapp-9.0.87-5.el10_0.3.noarch.rpm tomcat9-el-3.0-api-9.0.87-5.el10_0.3.noarch.rpm tomcat9-jsp-2.3-api-9.0.87-5.el10_0.3.noarch.rpm tomcat9-lib-9.0.87-5.el10_0.3.noarch.rpm tomcat9-servlet-4.0-api-9.0.87-5.el10_0.3.noarch.rpm tomcat9-webapps-9.0.87-5.el10_0.3.noarch.rpm aarch64: tomcat9-9.0.87-5.el10_0.3.noarch.rpm tomcat9-admin-webapps-9.0.87-5.el10_0.3.noarch.rpm tomcat9-docs-webapp-9.0.87-5.el10_0.3.noarch.rpm tomcat9-el-3.0-api-9.0.87-5.el10_0.3.noarch.rpm tomcat9-jsp-2.3-api-9.0.87-5.el10_0.3.noarch.rpm tomcat9-lib-9.0.87-5.el10_0.3.noarch.rpm tomcat9-servlet-4.0-api-9.0.87-5.el10_0.3.noarch.rpm tomcat9-webapps-9.0.87-5.el10_0.3.noarch.rpm SRPMS: http://oss.oracle.com/ol10/SRPMS-updates/tomcat9-9.0.87-5.el10_0.3.src.rpm Related CVEs: CVE-2025-48976 CVE-2025-48988 CVE-2025-48989 CVE-2025-49125 CVE-2025-52434 CVE-2025-52520 CVE-2025-53506 Description of changes: [1:9.0.87-5.3] - Resolves: tomcat: http/2 "MadeYouReset" DoS attack through HTTP/2 control frames (CVE-2025-48989) - Resolves: tomcat: Apache Commons FileUpload DOS via part headers (CVE-2025-48976) - Resolves: tomcat: Dos in multipart upload (CVE-2025-48988) - Resolves: tomcat: Security constraint bypass for pre/post-resources (CVE-2025-49125) - Resolves: tomcat: Denial of service (CVE-2025-52434) - Resolves: tomcat: Denial of service (CVE-2025-52520) - Resolves: tomcat: Denial of service (CVE-2025-53506) _______________________________________________ El-errata mailing list [email protected] https://oss.oracle.com/mailman/listinfo/el-errata
