tomcat-9.0.62-37.el9_3.2

Errata ID: AXSA:2024-7586:05

Release date: Friday, March 8, 2024 - 14:46
Subject: tomcat-9.0.62-37.el9_3.2
Affected Channels: MIRACLE LINUX 9 for x86_64
Severity: High
Description: 

Apache Tomcat is a servlet container for the Java Servlet and JavaServer Pages (JSP) technologies.

Security Fix(es):

* tomcat: HTTP request smuggling via malformed trailer headers (CVE-2023-46589)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

CVE-2023-46589
Improper Input Validation vulnerability in Apache Tomcat. Tomcat from 11.0.0-M1 through 11.0.0-M10, from 10.1.0-M1 through 10.1.15, from 9.0.0-M1 through 9.0.82 and from 8.5.0 through 8.5.95 did not correctly parse HTTP trailer headers. A trailer header that exceeded the header size limit could cause Tomcat to treat a single request as multiple requests leading to the possibility of request smuggling when behind a reverse proxy. Users are recommended to upgrade to version 11.0.0-M11 onwards, 10.1.16 onwards, 9.0.83 onwards or 8.5.96 onwards, which fix the issue.

Solution: 

Update packages.

Additional Info: 

N/A

Download: 

SRPMS
  1. tomcat-9.0.62-37.el9_3.2.src.rpm
    MD5: 5302309630a63b1bd3daaa9028b23425
    SHA-256: 8c3ad832a69edd649068475c8e011b31fb71d8960c2552d705450c450e30ed19
    Size: 14.56 MB

Asianux Server 9 for x86_64
  1. tomcat-9.0.62-37.el9_3.2.noarch.rpm
    MD5: e4962bdb8cb6fba60c33d37ddb3b70a0
    SHA-256: b88a288b9fe57f291aad7e724cce49a7f2bc5fa4f168ff3b1b359adc4c360467
    Size: 97.01 kB
  2. tomcat-admin-webapps-9.0.62-37.el9_3.2.noarch.rpm
    MD5: 11b069f4b5cd78b5cfe52a30d6ef491a
    SHA-256: a1a537d34ab9176153ed6bfb30f70a074ea7524482395fb58456d26473fef427
    Size: 78.60 kB
  3. tomcat-docs-webapp-9.0.62-37.el9_3.2.noarch.rpm
    MD5: 307c12a8b668512aa4cea406c0d1fba1
    SHA-256: d46ef542651f49b1f5239b9e8a84324f7f0dd3bb63562011d2a2acd669df6ef5
    Size: 703.80 kB
  4. tomcat-el-3.0-api-9.0.62-37.el9_3.2.noarch.rpm
    MD5: 4cd6360e4ba756ac8b269903759b3e0c
    SHA-256: 80a7125a8a2bcc1c22a74d0a9808074c20d228df88e5c5241ff86a0aa5959a87
    Size: 104.49 kB
  5. tomcat-jsp-2.3-api-9.0.62-37.el9_3.2.noarch.rpm
    MD5: 31d8e9020e75e59ff53e061a98454af4
    SHA-256: 8d01796f2b65e976a458c0d9fea1484d70ce2e6948557764af5b7f8d498b2278
    Size: 64.41 kB
  6. tomcat-lib-9.0.62-37.el9_3.2.noarch.rpm
    MD5: 4bc426014e1c6853e08bf49fef65a30c
    SHA-256: c7165d2e2b52bb1200ad6e750bf917a1b959c4885d0b3f673ddd942e63406617
    Size: 5.83 MB
  7. tomcat-servlet-4.0-api-9.0.62-37.el9_3.2.noarch.rpm
    MD5: 9722646e363da28e7f7c0851fc064f1a
    SHA-256: 10e1b96939bcfe68a1304a99a0ec8d3ffba636cef0b5bcb619a670763f5e509c
    Size: 282.89 kB
  8. tomcat-webapps-9.0.62-37.el9_3.2.noarch.rpm
    MD5: ebd5421b1cc0c471f06a10ebc3e19390
    SHA-256: 6b2b0f9d2665943884cb6df52917dfb99642c5d89d57993f5c3efb9832c6bfdb
    Size: 79.43 kB