tomcat-9.0.87-1.el8_10.2

エラータID: AXSA:2024-8697:11

Release date: 
Thursday, August 22, 2024 - 10:42
Subject: 
tomcat-9.0.87-1.el8_10.2
Affected Channels: 
Asianux Server 8 for x86_64
Severity: 
High
Description: 

Apache Tomcat is a servlet container for the Java Servlet and JavaServer Pages (JSP) technologies.

Security Fix(es):

* tomcat: Improper Handling of Exceptional Conditions (CVE-2024-34750)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

CVE-2024-34750
Improper Handling of Exceptional Conditions, Uncontrolled Resource Consumption vulnerability in Apache Tomcat. When processing an HTTP/2 stream, Tomcat did not handle some cases of excessive HTTP headers correctly. This led to a miscounting of active HTTP/2 streams which in turn led to the use of an incorrect infinite timeout which allowed connections to remain open which should have been closed. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.0-M20, from 10.1.0-M1 through 10.1.24, from 9.0.0-M1 through 9.0.89. Users are recommended to upgrade to version 11.0.0-M21, 10.1.25 or 9.0.90, which fixes the issue.

Solution: 

Update packages.

Additional Info: 

N/A

Download: 

SRPMS
  1. tomcat-9.0.87-1.el8_10.2.src.rpm
    MD5: b28b2aeae5a4c82aa2464a9af1c59bfa
    SHA-256: b2c7548435c8753801a3539380e816385b321686f04efab819dc2f0aa8de9360
    Size: 15.10 MB

Asianux Server 8 for x86_64
  1. tomcat-9.0.87-1.el8_10.2.noarch.rpm
    MD5: 5ecb40a3eca2ed7837d5be6471706e1e
    SHA-256: b98eddbfefd050a939ba40dd9fb88083cc0d8c586aa78fe0b16e4be7085b7ff3
    Size: 93.08 kB
  2. tomcat-admin-webapps-9.0.87-1.el8_10.2.noarch.rpm
    MD5: c38377d260d21df61749877ddff34845
    SHA-256: 5a64163d4808bb26d0d911ae2b94e3a4490061d9f4d834a77b6792d6d2dabdce
    Size: 74.04 kB
  3. tomcat-docs-webapp-9.0.87-1.el8_10.2.noarch.rpm
    MD5: e4a2694195c1be5c1de4cbdec776b0f7
    SHA-256: de3d3c6ba76ef8a87453e9828d3940b9af8332a295c2022de57905db9ac69c6b
    Size: 755.10 kB
  4. tomcat-el-3.0-api-9.0.87-1.el8_10.2.noarch.rpm
    MD5: 1d2e2a5583a4b265012b6dec091deb04
    SHA-256: 2786da4b5a09bece5799c1f2afb8778af2b73bc7b15158618f18e41a81f1f5a0
    Size: 107.07 kB
  5. tomcat-jsp-2.3-api-9.0.87-1.el8_10.2.noarch.rpm
    MD5: de017086973d1d9931f1f8832d1379a3
    SHA-256: 2be861b48c39584ede9dca96462f6998324fcca34792061093a9ec013bf720e2
    Size: 72.95 kB
  6. tomcat-lib-9.0.87-1.el8_10.2.noarch.rpm
    MD5: b590704e5fdce748093d96d9eb0785b4
    SHA-256: a8228323e8ad847697ce14a34453e4455943970340f2bff5a499d5a3736a6819
    Size: 6.04 MB
  7. tomcat-servlet-4.0-api-9.0.87-1.el8_10.2.noarch.rpm
    MD5: c7ed8553dec1aedb40f1e69f1d659822
    SHA-256: ba8da57473f970b78cb18cd2f0673359b511a09e10606aaa7b0099ebd4b27775
    Size: 287.64 kB
  8. tomcat-webapps-9.0.87-1.el8_10.2.noarch.rpm
    MD5: 2d71ec0ce88880fb5e37b05c052c53f0
    SHA-256: e037a8e69e346f591f761665753bd75b7cf02066b4346177e2b06c5478a9d213
    Size: 81.46 kB