Fix multiple CVES

Resolves: RHEL-108900 - CVE-2025-48976 Resolves: RHEL-108902 - CVE-2025-48988 Resolves: RHEL-108904 - CVE-2025-49125 Resolves: RHEL-108908 - CVE-2025-53506
2025-08-13 17:40:42 +02:00 · 2025-08-13 17:40:42 +02:00 · 20cf6bbd1b
commit 20cf6bbd1b
parent b84e1112ca
2 changed files with 13 additions and 3 deletions
--- a/2
+++ b/2
@ -1 +1 @@
-SHA512 (tomcat-10.1.36.redhat-00007-src.zip) = 2b40fad4c984278a4fa4e25e2ff9ac16866edf49f8b026531f491af1392f3e9315fde24c4fc07d4f4fe12f2ae8d1fa402bf3b4f02ce2a14f448d7076f4cdaa33
+SHA512 (tomcat-10.1.36.redhat-00008-src.zip) = cdfcacf770c4c2f265b33fb88299ea98994fc79d1eb0eb20c7b2b166937179c8690bb4706208311e57c15e08b96809b97b6ca5d99b2182741b106edb46e81bec
--- a/tomcat.spec
+++ b/tomcat.spec
@ -32,7 +32,7 @@
 %global major_version 10
 %global minor_version 1
 %global micro_version 36
-%global packdname %{name}-%{major_version}.%{minor_version}.%{micro_version}.redhat-00007-src
+%global packdname %{name}-%{major_version}.%{minor_version}.%{micro_version}.redhat-00008-src
 %global servletspec 6.0
 %global elspec 5.0
 %global tcuid 53
@ -54,7 +54,7 @@
 Name:          tomcat
 Epoch:         1
 Version:       %{major_version}.%{minor_version}.%{micro_version}
-Release:       1%{?dist}
+Release:       2%{?dist}
 Summary:       Apache Servlet/JSP Engine, RI for Servlet %{servletspec}/JSP %{jspspec} API

 License:       Apache-2.0
@ -543,6 +543,16 @@ exit 0
 %{appdir}/ROOT

 %changelog
+* Wed Aug 13 2025 Adam Krajcik <akrajcik@redhat.com> - 1:10.1.36-2
+- Resolves: RHEL-108900
+  tomcat: Apache  FileUpload DOS via part headers (CVE-2025-48976)
+- Resolves: RHEL-108902
+  tomcat: Dos in multipart upload (CVE-2025-48988)
+- Resolves: RHEL-108904
+  tomcat: Security constraint bypass for pre/post-resources (CVE-2025-49125)
+- Resolves: RHEL-108908
+  tomcat: Denial of service (CVE-2025-53506)
+
 * Mon Apr 14 2025 Adam Krajcik <akrajcik@redhat.com> - 1:10.1.36-1
 - Rebase tomcat to 10.1.36
 - Resolves: RHEL-82925