tomcat-9.0.62-5.el8.2

エラータID: AXSA:2023-6527:03

Release date: 
Saturday, October 21, 2023 - 09:15
Subject: 
tomcat-9.0.62-5.el8.2
Affected Channels: 
Asianux Server 8 for x86_64
Severity: 
High
Description: 

Apache Tomcat is a servlet container for the Java Servlet and JavaServer Pages (JSP) technologies.

Security Fix(es):

* HTTP/2: Multiple HTTP/2 enabled web servers are vulnerable to a DDoS attack (Rapid Reset Attack) (CVE-2023-44487)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

CVE-2023-44487
The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023.

Solution: 

Update packages.

CVEs: 
CVE-2023-44487
The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023.
Additional Info: 

N/A

Download: 

SRPMS
  1. tomcat-9.0.62-5.el8.2.src.rpm
    MD5: 30872327c5e1cf7c159afd42eea23dda
    SHA-256: 9d8a0f8fdcfff459f6b5102556862f6a9ceacc6d63a31ad1d51b0d2d99eaf978
    Size: 14.34 MB

Asianux Server 8 for x86_64
  1. tomcat-9.0.62-5.el8.2.noarch.rpm
    MD5: 095e02fa06a992d13e3400077b78f198
    SHA-256: 9fcbf7dd5d5bd25ddec0a5b4044c316bd7d928991a0f13b6d4bb3d14ac83f31e
    Size: 90.45 kB
  2. tomcat-admin-webapps-9.0.62-5.el8.2.noarch.rpm
    MD5: 8ba0604552097cd2d76d980de067f839
    SHA-256: bc08e38c56640773fab8897a1f4c51058ed10569c57c3377afe6c67189721bd8
    Size: 72.15 kB
  3. tomcat-docs-webapp-9.0.62-5.el8.2.noarch.rpm
    MD5: fff1c3818bb3511722e3d4d7a82c65dc
    SHA-256: ae8ef9938570d6e622c9635cb3af4c3de27a971853f1183b30194000a79fea91
    Size: 728.32 kB
  4. tomcat-el-3.0-api-9.0.62-5.el8.2.noarch.rpm
    MD5: 215ff7d5e7270cacc562cfbf6ee0884e
    SHA-256: 115daa4bed3f0bc517cdcf748847ed046898a9ad9fa8b017f15c32302406ce8b
    Size: 105.31 kB
  5. tomcat-jsp-2.3-api-9.0.62-5.el8.2.noarch.rpm
    MD5: 2027ac3e1efd0827abb059fa913e60d0
    SHA-256: 7ece53869156fb07e1a913e0bb73cce1e972cb2f7913734a7f681942b638bd56
    Size: 64.19 kB
  6. tomcat-lib-9.0.62-5.el8.2.noarch.rpm
    MD5: 34c5a174f052903208be22d73f15f121
    SHA-256: 62571b8ffc51231ba69783694b244f2379acc866f18786ff977ce9bf39b5dcb3
    Size: 5.90 MB
  7. tomcat-servlet-4.0-api-9.0.62-5.el8.2.noarch.rpm
    MD5: 1a431b660279bb2361e05153f8a3f8d2
    SHA-256: ac5107a8a7ac2e8bab15dc56a2700477b4ce1e1ef69cfad44548f9a439a741c9
    Size: 285.25 kB
  8. tomcat-webapps-9.0.62-5.el8.2.noarch.rpm
    MD5: b7bd329035a23ace700433fc09741212
    SHA-256: 9b1e811cb4680b22dbeec0d58134d5d5ca0598fb371a71fa1c9975afe43e8a11
    Size: 79.56 kB