Oracle Linux Security Advisory ELSA-2025-14181 http://linux.oracle.com/errata/ELSA-2025-14181.html
The following updated rpms for Oracle Linux 9 have been uploaded to the Unbreakable Linux Network: x86_64: tomcat-9.0.87-3.el9_6.3.noarch.rpm tomcat-admin-webapps-9.0.87-3.el9_6.3.noarch.rpm tomcat-docs-webapp-9.0.87-3.el9_6.3.noarch.rpm tomcat-el-3.0-api-9.0.87-3.el9_6.3.noarch.rpm tomcat-jsp-2.3-api-9.0.87-3.el9_6.3.noarch.rpm tomcat-lib-9.0.87-3.el9_6.3.noarch.rpm tomcat-servlet-4.0-api-9.0.87-3.el9_6.3.noarch.rpm tomcat-webapps-9.0.87-3.el9_6.3.noarch.rpm aarch64: tomcat-9.0.87-3.el9_6.3.noarch.rpm tomcat-admin-webapps-9.0.87-3.el9_6.3.noarch.rpm tomcat-docs-webapp-9.0.87-3.el9_6.3.noarch.rpm tomcat-el-3.0-api-9.0.87-3.el9_6.3.noarch.rpm tomcat-jsp-2.3-api-9.0.87-3.el9_6.3.noarch.rpm tomcat-lib-9.0.87-3.el9_6.3.noarch.rpm tomcat-servlet-4.0-api-9.0.87-3.el9_6.3.noarch.rpm tomcat-webapps-9.0.87-3.el9_6.3.noarch.rpm SRPMS: http://oss.oracle.com/ol9/SRPMS-updates/tomcat-9.0.87-3.el9_6.3.src.rpm Related CVEs: CVE-2025-48976 CVE-2025-48988 CVE-2025-48989 CVE-2025-49125 CVE-2025-52434 CVE-2025-52520 CVE-2025-53506 Description of changes: [1:9.0.87-3.el9_6.3] - Resolves: RHEL-102200 tomcat: http/2 "MadeYouReset" DoS attack through HTTP/2 control frames (CVE-2025-48989) [1:9.0.87-3.el9_6.2] - Resolves: RHEL-108491 tomcat: Apache Commons FileUpload DOS via part headers (CVE-2025-48976) - Resolves: RHEL-108499 tomcat: Dos in multipart upload (CVE-2025-48988) - Resolves: RHEL-108507 tomcat: Security constraint bypass for pre/post-resources (CVE-2025-49125) - Resolves: RHEL-108515 tomcat: Denial of service (CVE-2025-52434) - Resolves: RHEL-108531 tomcat: Denial of service (CVE-2025-52520) - Resolves: RHEL-108527 tomcat: Denial of service (CVE-2025-53506) _______________________________________________ El-errata mailing list El-errata@oss.oracle.com https://oss.oracle.com/mailman/listinfo/el-errata
