Debian alert DSA-6121-1 (tomcat11)
| From: | Markus Koschany <apo@debian.org> | |
| To: | debian-security-announce@lists.debian.org | |
| Subject: | [SECURITY] [DSA 6121-1] tomcat11 security update | |
| Date: | Thu, 05 Feb 2026 20:56:17 +0000 | |
| Message-ID: | <aYUD8aa_hXZRiL2m@seger.debian.org> |
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 - ------------------------------------------------------------------------- Debian Security Advisory DSA-6121-1 security@debian.org https://www.debian.org/security/ Markus Koschany February 05, 2026 https://www.debian.org/security/faq - ------------------------------------------------------------------------- Package : tomcat11 CVE ID : CVE-2025-46701 CVE-2025-48976 CVE-2025-48988 CVE-2025-48989 CVE-2025-49125 CVE-2025-52520 CVE-2025-53506 CVE-2025-55668 CVE-2025-55752 CVE-2025-55754 CVE-2025-61795 Debian Bug : 1106821 1108118 1108116 1111096 1108114 1109111 1109113 1111098 Several security vulnerabilities have been found in Tomcat 11, a Java web server and servlet engine. This update improves the handling of HTTP/2 connections and corrects various flaws which can lead to uncontrolled resource consumption and a denial of service. For the stable distribution (trixie), these problems have been fixed in version 11.0.15-1~deb13u1. We recommend that you upgrade your tomcat11 packages. For the detailed security status of tomcat11 please refer to its security tracker page at: https://security-tracker.debian.org/tracker/tomcat11 Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/ Mailing list: debian-security-announce@lists.debian.org -----BEGIN PGP SIGNATURE----- iQKTBAEBCgB9FiEErPPQiO8y7e9qGoNf2a0UuVE7UeQFAmmFA41fFIAAAAAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEFD RjNEMDg4RUYzMkVERUY2QTFBODM1RkQ5QUQxNEI5NTEzQjUxRTQACgkQ2a0UuVE7 UeRE1g//XhN27TXcGPU568iN+3ulUnaTqV3i8lQcaxeAZRXuN+OmG5WXfBzmUEG3 g9lZDHk1WPuDymFDEt3XX5QKTdKv9fxSZTxf8jpaL5iCmjkiZ8tdHSOCG92+jbXr iykISrNIaQJW9zQs6qJYcNru9J4cgC9cnSrlI0PCDJMkDzyrxIUDk8iaM6QfRdPx IVxiPrPeoc/pdzHsKCHnmLuQe6H8N2qXAlktwSh+1AW8iX61vzRnXe4PgUNPNlrl qeBuZIHm2YFuzaVW/29gHsRN0BwC9s2iQraN32DTF2qcChurwinWsNNu8rbW0zGQ ZKAmDf4bRerDoFTA7Qa/qumh7aT71cTNl3RQUfJTtNI5ZMArqExzokpsWmVWLPR6 3uJGT3p3FP8hXGuRa8lC+OmXg7wLAQu7WwImE6520aYq7THkM4HeroY5TE3Guuj/ Bxtc2Z9PiLk2QR+HAyw4uNLYlOnhgPpeCPgXKET1V9JtivnFuOEYW96sUWO2z1KJ N5C3YVBYIouBi0gUj1xW/6VCo108HNOV5EepbvFIJnUDeIJOc9Wgl4DkSoxt8+um iEf+jr82+QP3Qrattou0hIbT/mFRSebRaaBT2kaALbl9gV2Z2jxUwP0Z4pkmcyhP 6jFncD19hjxhpKoteggbnJ+tSWXRBv0S85MCRwwrL7bhxDIE6uI= =46jF -----END PGP SIGNATURE-----