tomcat-9.0.87-1.el8_10.1.ML.1
エラータID: AXSA:2024-8475:09
リリース日:
2024/06/27 Thursday - 15:13
題名:
tomcat-9.0.87-1.el8_10.1.ML.1
影響のあるチャネル:
Asianux Server 8 for x86_64
Severity:
High
Description:
以下項目について対処しました。
[Security Fix]
- Apache Tomcat には、接続後のクリーンアップ処理の
不備により WebSocket 接続が適切にクローズされない
問題があるため、リモートの攻撃者により、クライアント
が WebSocket 接続を開いたままにすることを介して、
サービス拒否攻撃 (リソースの枯渇) を可能とする脆弱性
が存在します。(CVE-2024-23672)
- Apache Tomcat には、HTTP/2 リクエスト内のヘッダー
ごとの制限を超過しても、すべてのヘッダーを処理する
まで HTTP/2 ストリームをリセットしない問題があるため、
リモートの攻撃者により、サービス拒否攻撃 (リソースの
枯渇) を可能とする脆弱性が存在します。
(CVE-2024-24549)
解決策:
パッケージをアップデートしてください。
CVE:
CVE-2024-23672
Denial of Service via incomplete cleanup vulnerability in Apache Tomcat. It was possible for WebSocket clients to keep WebSocket connections open leading to increased resource consumption.This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.0-M16, from 10.1.0-M1 through 10.1.18, from 9.0.0-M1 through 9.0.85, from 8.5.0 through 8.5.98. Users are recommended to upgrade to version 11.0.0-M17, 10.1.19, 9.0.86 or 8.5.99 which fix the issue.
Denial of Service via incomplete cleanup vulnerability in Apache Tomcat. It was possible for WebSocket clients to keep WebSocket connections open leading to increased resource consumption.This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.0-M16, from 10.1.0-M1 through 10.1.18, from 9.0.0-M1 through 9.0.85, from 8.5.0 through 8.5.98. Users are recommended to upgrade to version 11.0.0-M17, 10.1.19, 9.0.86 or 8.5.99 which fix the issue.
CVE-2024-24549
Denial of Service due to improper input validation vulnerability for HTTP/2 requests in Apache Tomcat. When processing an HTTP/2 request, if the request exceeded any of the configured limits for headers, the associated HTTP/2 stream was not reset until after all of the headers had been processed.This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.0-M16, from 10.1.0-M1 through 10.1.18, from 9.0.0-M1 through 9.0.85, from 8.5.0 through 8.5.98. Users are recommended to upgrade to version 11.0.0-M17, 10.1.19, 9.0.86 or 8.5.99 which fix the issue.
Denial of Service due to improper input validation vulnerability for HTTP/2 requests in Apache Tomcat. When processing an HTTP/2 request, if the request exceeded any of the configured limits for headers, the associated HTTP/2 stream was not reset until after all of the headers had been processed.This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.0-M16, from 10.1.0-M1 through 10.1.18, from 9.0.0-M1 through 9.0.85, from 8.5.0 through 8.5.98. Users are recommended to upgrade to version 11.0.0-M17, 10.1.19, 9.0.86 or 8.5.99 which fix the issue.
追加情報:
N/A
ダウンロード:
SRPMS
- tomcat-9.0.87-1.el8_10.1.ML.1.src.rpm
MD5: ac4d6430691f8bd3f3e51434aa0dcdb4
SHA-256: 2a647533e2aced6453362e8bf2e7f8c0cfe6b75eae138eaadff6f2bf66342693
Size: 15.10 MB
Asianux Server 8 for x86_64
- tomcat-9.0.87-1.el8_10.1.ML.1.noarch.rpm
MD5: 93513171372fa4d272c14f3d3895bd23
SHA-256: 809ceb0a7c16b0e13f4b28ecd3d77e63ec3bb5452dd4ade1bd2014d43b81c457
Size: 91.72 kB - tomcat-admin-webapps-9.0.87-1.el8_10.1.ML.1.noarch.rpm
MD5: b2e19d885b06418de6387f456392edb8
SHA-256: ae9b17d872671f4833f3600a12a6a89f4b4c7c70deabee02051f4b02c713b3c9
Size: 72.66 kB - tomcat-docs-webapp-9.0.87-1.el8_10.1.ML.1.noarch.rpm
MD5: 797e4b8c0cba021148a607be40f8b3aa
SHA-256: e30bcd8ffc4342f6127f5a5a18819c036ec77b71aedbb12b79439f4a838eba98
Size: 753.64 kB - tomcat-el-3.0-api-9.0.87-1.el8_10.1.ML.1.noarch.rpm
MD5: 0faf108b871a897ec9594e1c7b784a22
SHA-256: bfe2120c3a0735877c31e2cd12c9f959bd6ce2e8e800fc5915cb6c074fbf3d81
Size: 105.68 kB - tomcat-jsp-2.3-api-9.0.87-1.el8_10.1.ML.1.noarch.rpm
MD5: 45cada731d81decc6736d5e3f56148a4
SHA-256: d17b040e0f966016946575eb7aecd88fa4cb537388b7d36c37c9e88f563e4670
Size: 71.58 kB - tomcat-lib-9.0.87-1.el8_10.1.ML.1.noarch.rpm
MD5: d3419ce022eefb6916f683614b108516
SHA-256: 1771b9b393a98fe43063b6664e04b6c6e2033f3b5ccfd89d5237f542bb375de5
Size: 6.04 MB - tomcat-servlet-4.0-api-9.0.87-1.el8_10.1.ML.1.noarch.rpm
MD5: 27f526b29cc681f3738b5d54fd3a3684
SHA-256: 5e908787814a6fa56424e6e633aca4e0302293608b439822c993e0975009e6d5
Size: 286.26 kB - tomcat-webapps-9.0.87-1.el8_10.1.ML.1.noarch.rpm
MD5: 16698819bdeaf2b666a67d44e4d852ba
SHA-256: ba6d388bf73aaa39c73b1041f7c8e8410b246db72e69f3a52fccf4168fddcf48
Size: 80.09 kB
English