tomcat-9.0.87-1.el9_4.2
エラータID: AXSA:2024-8696:10
リリース日:
2024/08/22 Thursday - 10:31
題名:
tomcat-9.0.87-1.el9_4.2
影響のあるチャネル:
MIRACLE LINUX 9 for x86_64
Severity:
High
Description:
以下項目について対処しました。
[Security Fix]
- Apache Tomcat には、過剰に付加された HTTP ヘッダーの
処理の不備に起因して、処理のタイムアウトが有効化されず、
有効な HTTP/2 ストリーム数が誤って算出されてしまう問題
があるため、リモートの攻撃者により、細工された HTTP/2
パケットの送信を介して、サービス拒否攻撃 (コネクションの
枯渇) を可能とする脆弱性が存在します。(CVE-2024-34750)
解決策:
パッケージをアップデートしてください。
CVE:
CVE-2024-34750
Improper Handling of Exceptional Conditions, Uncontrolled Resource Consumption vulnerability in Apache Tomcat. When processing an HTTP/2 stream, Tomcat did not handle some cases of excessive HTTP headers correctly. This led to a miscounting of active HTTP/2 streams which in turn led to the use of an incorrect infinite timeout which allowed connections to remain open which should have been closed. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.0-M20, from 10.1.0-M1 through 10.1.24, from 9.0.0-M1 through 9.0.89. Users are recommended to upgrade to version 11.0.0-M21, 10.1.25 or 9.0.90, which fixes the issue.
Improper Handling of Exceptional Conditions, Uncontrolled Resource Consumption vulnerability in Apache Tomcat. When processing an HTTP/2 stream, Tomcat did not handle some cases of excessive HTTP headers correctly. This led to a miscounting of active HTTP/2 streams which in turn led to the use of an incorrect infinite timeout which allowed connections to remain open which should have been closed. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.0-M20, from 10.1.0-M1 through 10.1.24, from 9.0.0-M1 through 9.0.89. Users are recommended to upgrade to version 11.0.0-M21, 10.1.25 or 9.0.90, which fixes the issue.
追加情報:
N/A
ダウンロード:
SRPMS
- tomcat-9.0.87-1.el9_4.2.src.rpm
MD5: 24365a12d989d7cd37407fc34721e6f9
SHA-256: 15ec842ab1979479d904f1542676d5cc9738f8f725cf2a26c99cbcd7532bacc5
Size: 15.12 MB
Asianux Server 9 for x86_64
- tomcat-9.0.87-1.el9_4.2.noarch.rpm
MD5: 966b35fe2b4cfcb25e45a70d1fdbf1bf
SHA-256: 5e57b5e7fb6f5be9b1fdbf9e2e8d0d3afcad6a71c047f12b282967fdb8220d3d
Size: 98.96 kB - tomcat-admin-webapps-9.0.87-1.el9_4.2.noarch.rpm
MD5: 10a5b0207cefc70de7c1afe6b5a07e36
SHA-256: 61f8143b12a2ef92a8323e64df83388472251a9ee787c0000678edd395ead6d0
Size: 79.79 kB - tomcat-docs-webapp-9.0.87-1.el9_4.2.noarch.rpm
MD5: 3ebd6bf15e6d7506ab89fc17a8375231
SHA-256: f1c92e6de5e97035b16700194e8a58023b87dce92dbdf0bdfdfb476834513123
Size: 725.65 kB - tomcat-el-3.0-api-9.0.87-1.el9_4.2.noarch.rpm
MD5: 6f851a4e50d4ab9287e4209a6be6633a
SHA-256: f13ebd3de811d2ac3baa9f936b00ed3a80076da231c1eeddff7a4ff174abf3c1
Size: 105.66 kB - tomcat-jsp-2.3-api-9.0.87-1.el9_4.2.noarch.rpm
MD5: de2fbbe0275d43fa827e55304528dd5d
SHA-256: c0995913c80207f1342ea46bb05feeb4519406faac87b838c8fb9fd9119adcde
Size: 72.63 kB - tomcat-lib-9.0.87-1.el9_4.2.noarch.rpm
MD5: a0143a4d3656bb040b0e2f1536830241
SHA-256: 46b70627fa92e1a06eb359d6b342364df867514bb4025552dda6db0db9da83b5
Size: 5.97 MB - tomcat-servlet-4.0-api-9.0.87-1.el9_4.2.noarch.rpm
MD5: 845f5219ad94ed0e111f70c8bcff6645
SHA-256: ec1e33e9472c5b5d078e915698e6393d1a80437ec1c8c3d0456ae4f376468c06
Size: 284.67 kB - tomcat-webapps-9.0.87-1.el9_4.2.noarch.rpm
MD5: 8b95eaefd5d9a3a080a6e76c3acb0060
SHA-256: e39134832c0bf36c452f2a70a438b056b4f1489a6d73f11ff5cd029ba582dcd8
Size: 80.66 kB
English