Debian alert DLA-4244-1 (tomcat9)
| From: | Markus Koschany <apo@debian.org> | |
| To: | debian-lts-announce <debian-lts-announce@lists.debian.org> | |
| Subject: | [SECURITY] [DLA 4244-1] tomcat9 security update | |
| Date: | Tue, 22 Jul 2025 03:05:11 +0200 | |
| Message-ID: | <ac5e368de5d809eb50dbf76d473bb4c676b6bc07.camel@debian.org> |
------------------------------------------------------------------------- Debian LTS Advisory DLA-4244-1 debian-lts@lists.debian.org https://www.debian.org/lts/security/ Markus Koschany July 22, 2025 https://wiki.debian.org/LTS ------------------------------------------------------------------------- Package : tomcat9 Version : 9.0.107-0+deb11u1 CVE ID : CVE-2024-34750 CVE-2024-54677 CVE-2025-31650 CVE-2025-31651 CVE-2025-46701 CVE-2025-48976 CVE-2025-48988 CVE-2025-49125 CVE-2025-52434 CVE-2025-52520 CVE-2025-53506 Several security vulnerabilities have been found in Tomcat 9, a Java web server and servlet engine. Most notably the update improves the handling of HTTP/2 connections and corrects various flaws which can lead to uncontrolled resource consumption and a denial of service. For Debian 11 bullseye, these problems have been fixed in version 9.0.107-0+deb11u1. We recommend that you upgrade your tomcat9 packages. For the detailed security status of tomcat9 please refer to its security tracker page at: https://security-tracker.debian.org/tracker/tomcat9 Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: https://wiki.debian.org/LTS
Attachment: signature.asc (type=application/pgp-signature)
-----BEGIN PGP SIGNATURE----- iQKTBAABCgB9FiEErPPQiO8y7e9qGoNf2a0UuVE7UeQFAmh+48dfFIAAAAAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEFD RjNEMDg4RUYzMkVERUY2QTFBODM1RkQ5QUQxNEI5NTEzQjUxRTQACgkQ2a0UuVE7 UeScIA/9FpisoIAb8mmpFTtGqScOUPvYjoVGHDPczp3lWzY2N3+62Vk4R/qLGIUf C4+iWuhiCTkxFIhfnEJUxDkdWoWXo/SbfeoQRhHoalJt1Oygc4lvkF1Oh9H8HmYp p/yw3iMaXXcdcJIiRo1TPnxTrNiyw/gswoD1zZAnuUyEPyt207aFe6O8vHBktomx KNAFmscKk0Zu3F2FZng0yOycw/JBfTs8qdl8sGajakDarMaDtK/3QO60+FTiGmmd hRl06QbuNBCBf3MR22MMO3S0MS3ErSYe1lgYSPH+Ox7JDxgZHPDxMnhG4Scc03mE A3Ng5d6AlkzfscfRPJr7rpUdzsv0oqrkzT/Eku4CfKhBVIzSptTFSKAC3qyJKmQB NY48eGWv8SA0mrQphIBDu+GtQnR50TEqMx0qE7qCX8qTB++ImGiZiVsgxXyZ99Db A6ayFu6lgHzftlQ8iSD+V1gzUzaG4mevUGQTXiUX5MshWLgvNivGvbHO19415vcR E9c+Y+4IvyTp9Gw8b1HgCk+RKiqFHAwcPnQXqwcxQ7YjBkaF5pI9KXr6UmQ59dlr AW/OCfQ7jG7V9zFsMcvrIVOVoDdV0TyI+ynXKv2HWsa9CIuJ6vdqOq8ygcT1VnOm MzGCg/FrtxAcOuOZ3ube3/gJH9kpiJRAX1sm7mHq+rMW8yzJbG8= =CAxA -----END PGP SIGNATURE-----