tomcat-9.0.87-1.el8_10.2
Errata ID: AXSA:2024-8697:11
Release date:
2024/08/22 Thursday - 10:42
Title:
tomcat-9.0.87-1.el8_10.2
Affected channels:
Asianux Server 8 for x86_64
Severity:
High
Description:
The following issue has been addressed.
[Security Fix]
- Apache Tomcat mishandles excessive HTTP headers, so that the
processing timeout is not applied and the number of active
HTTP/2 streams is miscounted. As a result, a remote attacker
can cause a denial of service (connection exhaustion) by
sending crafted HTTP/2 packets. (CVE-2024-34750)
Solution:
Update the packages.
CVE:
CVE-2024-34750
Improper Handling of Exceptional Conditions, Uncontrolled Resource Consumption vulnerability in Apache Tomcat. When processing an HTTP/2 stream, Tomcat did not handle some cases of excessive HTTP headers correctly. This led to a miscounting of active HTTP/2 streams which in turn led to the use of an incorrect infinite timeout which allowed connections to remain open which should have been closed. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.0-M20, from 10.1.0-M1 through 10.1.24, from 9.0.0-M1 through 9.0.89. Users are recommended to upgrade to version 11.0.0-M21, 10.1.25 or 9.0.90, which fixes the issue.
Additional information:
N/A
Download:
SRPMS
- tomcat-9.0.87-1.el8_10.2.src.rpm
MD5: b28b2aeae5a4c82aa2464a9af1c59bfa
SHA-256: b2c7548435c8753801a3539380e816385b321686f04efab819dc2f0aa8de9360
Size: 15.10 MB
Asianux Server 8 for x86_64
- tomcat-9.0.87-1.el8_10.2.noarch.rpm
MD5: 5ecb40a3eca2ed7837d5be6471706e1e
SHA-256: b98eddbfefd050a939ba40dd9fb88083cc0d8c586aa78fe0b16e4be7085b7ff3
Size: 93.08 kB
- tomcat-admin-webapps-9.0.87-1.el8_10.2.noarch.rpm
MD5: c38377d260d21df61749877ddff34845
SHA-256: 5a64163d4808bb26d0d911ae2b94e3a4490061d9f4d834a77b6792d6d2dabdce
Size: 74.04 kB
- tomcat-docs-webapp-9.0.87-1.el8_10.2.noarch.rpm
MD5: e4a2694195c1be5c1de4cbdec776b0f7
SHA-256: de3d3c6ba76ef8a87453e9828d3940b9af8332a295c2022de57905db9ac69c6b
Size: 755.10 kB
- tomcat-el-3.0-api-9.0.87-1.el8_10.2.noarch.rpm
MD5: 1d2e2a5583a4b265012b6dec091deb04
SHA-256: 2786da4b5a09bece5799c1f2afb8778af2b73bc7b15158618f18e41a81f1f5a0
Size: 107.07 kB
- tomcat-jsp-2.3-api-9.0.87-1.el8_10.2.noarch.rpm
MD5: de017086973d1d9931f1f8832d1379a3
SHA-256: 2be861b48c39584ede9dca96462f6998324fcca34792061093a9ec013bf720e2
Size: 72.95 kB
- tomcat-lib-9.0.87-1.el8_10.2.noarch.rpm
MD5: b590704e5fdce748093d96d9eb0785b4
SHA-256: a8228323e8ad847697ce14a34453e4455943970340f2bff5a499d5a3736a6819
Size: 6.04 MB
- tomcat-servlet-4.0-api-9.0.87-1.el8_10.2.noarch.rpm
MD5: c7ed8553dec1aedb40f1e69f1d659822
SHA-256: ba8da57473f970b78cb18cd2f0673359b511a09e10606aaa7b0099ebd4b27775
Size: 287.64 kB
- tomcat-webapps-9.0.87-1.el8_10.2.noarch.rpm
MD5: 2d71ec0ce88880fb5e37b05c052c53f0
SHA-256: e037a8e69e346f591f761665753bd75b7cf02066b4346177e2b06c5478a9d213
Size: 81.46 kB