|
|
Subscribe / Log in / New account

Ubuntu alert USN-7525-1 (Tomcat)



From:
              Vyom Yadav <vyom.yadav@canonical.com>


To:
              ubuntu-security-announce@lists.ubuntu.com


Subject:
              [USN-7525-1] Tomcat vulnerability


Date:
              Wed, 21 May 2025 22:03:33 +0530


Message-ID:
              <d0b49cb1-1d82-489c-ba3a-86c950b44c43@canonical.com>


==========================================================================
Ubuntu Security Notice USN-7525-1
May 21, 2025

Tomcat vulnerability
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 24.04 LTS
- Ubuntu 22.04 LTS
- Ubuntu 20.04 LTS
- Ubuntu 18.04 LTS

Summary:

Tomcat could expose sensitive files or run programs if it received
specially crafted network traffic.

Software Description:
- tomcat10: Apache Tomcat 10 - Servlet and JSP engine
- tomcat9: Apache Tomcat 9 - Servlet and JSP engine

Details:

It was discovered that Apache Tomcat incorrectly implemented partial
PUT functionality by replacing path separators with dots in temporary
files. A remote attacker could possibly use this issue to access
sensitive files, inject malicious content, or execute remote code.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 24.04 LTS
   libtomcat10-java                10.1.16-1ubuntu0.1~esm1
                                   Available with Ubuntu Pro
   tomcat10                        10.1.16-1ubuntu0.1~esm1
                                   Available with Ubuntu Pro

Ubuntu 22.04 LTS
   libtomcat9-java                 9.0.58-1ubuntu0.2+esm2
                                   Available with Ubuntu Pro
   tomcat9                         9.0.58-1ubuntu0.2+esm2
                                   Available with Ubuntu Pro

Ubuntu 20.04 LTS
   libtomcat9-java                 9.0.31-1ubuntu0.9+esm1
                                   Available with Ubuntu Pro
   tomcat9                         9.0.31-1ubuntu0.9+esm1
                                   Available with Ubuntu Pro

Ubuntu 18.04 LTS
   libtomcat9-java                 9.0.16-3ubuntu0.18.04.2+esm6
                                   Available with Ubuntu Pro
   tomcat9                         9.0.16-3ubuntu0.18.04.2+esm6
                                   Available with Ubuntu Pro

In general, a standard system update will make all the necessary changes.

References:
   https://ubuntu.com/security/notices/USN-7525-1
   CVE-2025-24813





Attachment: OpenPGP_signature.asc (type=application/pgp-signature)

-----BEGIN PGP SIGNATURE-----

wnsEABYIACMWIQSV2d7RU755utSnx3O7Ba3EKYsoKQUCaC4AXQUDAAAAAAAKCRC7Ba3EKYsoKfR6
AP9yLMS2SRYUftZ8MhBTWi9fIkiEbCeuZ60/LzZ1Y4hp6gD+O+2J5qMMEjI9VuEytYa1VbBWwCs8
D1Mu98VI9Fb3uAo=
=24mL
-----END PGP SIGNATURE-----




Attachment: None (type=text/plain)
to post comments


Copyright © 2025, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds