An update is available for tomcat.
This update affects Rocky Linux 8.
A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list
Apache Tomcat is a servlet container for the Java Servlet and JavaServer Pages (JSP) technologies.
Security Fix(es):
Apache Tomcat: HTTP/2 header handling DoS (CVE-2024-24549)
Apache Tomcat: WebSocket DoS with incomplete closing handshake (CVE-2024-23672)
Bug Fix(es):
Rebase tomcat to version 9.0.87 (JIRA:Rocky Linux-35813)
Amend tomcat package’s changelog so that fixed CVEs are mentioned explicitly (JIRA:Rocky Linux-38548)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
rocky | 8 | noarch | tomcat | < 9.0.87-1.el8_10.1 | tomcat-1:9.0.87-1.el8_10.1.noarch.rpm |
rocky | 8 | noarch | tomcat-admin-webapps | < 9.0.87-1.el8_10.1 | tomcat-admin-webapps-1:9.0.87-1.el8_10.1.noarch.rpm |
rocky | 8 | noarch | tomcat-docs-webapp | < 9.0.87-1.el8_10.1 | tomcat-docs-webapp-1:9.0.87-1.el8_10.1.noarch.rpm |
rocky | 8 | noarch | tomcat-el-3.0-api | < 9.0.87-1.el8_10.1 | tomcat-el-3.0-api-1:9.0.87-1.el8_10.1.noarch.rpm |
rocky | 8 | noarch | tomcat-jsp-2.3-api | < 9.0.87-1.el8_10.1 | tomcat-jsp-2.3-api-1:9.0.87-1.el8_10.1.noarch.rpm |
rocky | 8 | noarch | tomcat-lib | < 9.0.87-1.el8_10.1 | tomcat-lib-1:9.0.87-1.el8_10.1.noarch.rpm |
rocky | 8 | noarch | tomcat-servlet-4.0-api | < 9.0.87-1.el8_10.1 | tomcat-servlet-4.0-api-1:9.0.87-1.el8_10.1.noarch.rpm |
rocky | 8 | noarch | tomcat-webapps | < 9.0.87-1.el8_10.1 | tomcat-webapps-1:9.0.87-1.el8_10.1.noarch.rpm |