Oracle Linux Security Advisory ELSA-2025-14179 http://linux.oracle.com/errata/ELSA-2025-14179.html
The following updated rpms for Oracle Linux 10 have been uploaded to the Unbreakable Linux Network: x86_64: tomcat-10.1.36-1.el10_0.2.noarch.rpm tomcat-admin-webapps-10.1.36-1.el10_0.2.noarch.rpm tomcat-docs-webapp-10.1.36-1.el10_0.2.noarch.rpm tomcat-el-5.0-api-10.1.36-1.el10_0.2.noarch.rpm tomcat-jsp-3.1-api-10.1.36-1.el10_0.2.noarch.rpm tomcat-lib-10.1.36-1.el10_0.2.noarch.rpm tomcat-servlet-6.0-api-10.1.36-1.el10_0.2.noarch.rpm tomcat-webapps-10.1.36-1.el10_0.2.noarch.rpm aarch64: tomcat-10.1.36-1.el10_0.2.noarch.rpm tomcat-admin-webapps-10.1.36-1.el10_0.2.noarch.rpm tomcat-docs-webapp-10.1.36-1.el10_0.2.noarch.rpm tomcat-el-5.0-api-10.1.36-1.el10_0.2.noarch.rpm tomcat-jsp-3.1-api-10.1.36-1.el10_0.2.noarch.rpm tomcat-lib-10.1.36-1.el10_0.2.noarch.rpm tomcat-servlet-6.0-api-10.1.36-1.el10_0.2.noarch.rpm tomcat-webapps-10.1.36-1.el10_0.2.noarch.rpm SRPMS: http://oss.oracle.com/ol10/SRPMS-updates/tomcat-10.1.36-1.el10_0.2.src.rpm Related CVEs: CVE-2025-48976 CVE-2025-48988 CVE-2025-48989 CVE-2025-49125 CVE-2025-52520 CVE-2025-53506 Description of changes: [1:10.1.36-1.2] - tomcat: Apache Tomcat DoS in multipart upload (CVE-2025-48988) - tomcat: Apache Tomcat: Security constraint bypass for pre/post-resources (CVE-2025-49125) - apache-commons-fileupload: Apache Commons FileUpload DoS via part headers (CVE-2025-48976) - tomcat: http/2 "MadeYouReset" DoS attack through HTTP/2 control frames (CVE-2025-48989) - tomcat: Apache Tomcat denial of service (CVE-2025-52520) - tomcat: Apache Tomcat denial of service (CVE-2025-53506) _______________________________________________ El-errata mailing list El-errata@oss.oracle.com https://oss.oracle.com/mailman/listinfo/el-errata
