|
|
Log in / Subscribe / Register

Debian alert DLA-4468-1 (tomcat9)



From:
              Markus Koschany <apo@debian.org>


To:
              debian-lts-announce <debian-lts-announce@lists.debian.org>


Subject:
              [SECURITY] [DLA 4468-1] tomcat9 security update


Date:
              Thu, 05 Feb 2026 20:33:09 +0100


Message-ID:
              <16f62706fb24ec7de99bd404668c4b7dc0972ab1.camel@debian.org>


-------------------------------------------------------------------------
Debian LTS Advisory DLA-4468-1                debian-lts@lists.debian.org
https://www.debian.org/lts/security/                      Markus Koschany
February 05, 2026                             https://wiki.debian.org/LTS
-------------------------------------------------------------------------

Package        : tomcat9
Version        : 9.0.107-0+deb11u2
CVE ID         : CVE-2025-55752 CVE-2025-55754 CVE-2025-61795
 
Several security vulnerabilities have been found in Tomcat 9, a Java web server
and servlet engine. The update corrects various flaws which can lead to a
bypass of security constraints or a denial of service.

In addition it fixes a regression that prevented tomcat's start script from
detecting installations of OpenJDK 17.

For Debian 11 bullseye, these problems have been fixed in version
9.0.107-0+deb11u2.

We recommend that you upgrade your tomcat9 packages.

For the detailed security status of tomcat9 please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/tomcat9

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS




Attachment: signature.asc (type=application/pgp-signature)

-----BEGIN PGP SIGNATURE-----

iQKTBAABCgB9FiEErPPQiO8y7e9qGoNf2a0UuVE7UeQFAmmE8HVfFIAAAAAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEFD
RjNEMDg4RUYzMkVERUY2QTFBODM1RkQ5QUQxNEI5NTEzQjUxRTQACgkQ2a0UuVE7
UeQNXxAAz0Aa0rXp2wWIWHLPBiZYRV0qOun8jizemHqeDO5h3Sea9uCmPjLqLD1q
mmuOvXxaZvbVwbyfK+IVEbp/v+IMfnmrG9kt6VWbfP63WOkxYhE6ZWvCcqr682rT
w4oZ8ut+7r88RzfsjrBOYPDVcQ03g7NIjxnkVDjNL4F7mxLYVo47RXj79/kuw7Ga
zYq9CBzd/jX6mRuwX9c776SkFVKmd6QD7QyHMF8p62U1KTtNk0fgloKI0LfaV248
nkbXZsEBrLmK+Dzg5Vm1zMbzfLOe54o8lgWOzKTFoAauO+24P5usWEsLQrCItoJN
qR76kr3qtvcXfCTcDyUoc2W4aTlKSYrD4gUCgxbuG33FHuTboAYgNCb3kmbcViyN
df5BIpMebFS2MeML2XncAPi1jiJNJRo2HLlDsQX1roiI79/ABKML6GN0PjFjC5O7
BWWo6YXEYiuSXpRfc8hUQk1ENp7YzXtFND7wvzF1QWFwN628Xc2cNUzo6lmx9Vat
bpOW8OXUAZlYbWQwzOge5ZUnAZdRQ5fsYXPC2FSmZnkbSxCtGofjFKsSHRCmKLHT
F/oq3bsrB5bRb84FX6eBcJhZK5Vij2HUSgIQs6xKvJvGzuZY1t5JkzcvFfhQHNvL
IMAOMaKPs8hb/HUs+loAlFiXowng/6rju/hkEa65UqTXicT5AiQ=
=Y8zG
-----END PGP SIGNATURE-----
to post comments


Copyright © 2026, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds