Fix CVE-2025-31650 and CVE-2024-56337
Resolves: RHEL-91761 - tomcat: DoS via malformed HTTP/2 PRIORITY_UPDATE Resolves: RHEL-71971 - tomcat: Incomplete fix for CVE-2024-50379 - RCE due to TOCTOU issue in JSP compilation
This commit is contained in:
Adam Krajcik
parent
5eb69309fe
commit
252c30ce53
1
.gitignore
vendored
1
.gitignore
vendored
@ -6,3 +6,4 @@
|
||||
/tomcat-9.0.87.redhat-00003-src.zip
|
||||
/tomcat-9.0.87.redhat-00005-src.zip
|
||||
/tomcat-9.0.87.redhat-00008-src.zip
|
||||
/tomcat-9.0.87.redhat-00010-src.zip
|
||||
|
||||
2
sources
2
sources
@ -1 +1 @@
|
||||
SHA512 (tomcat-9.0.87.redhat-00008-src.zip) = 5863c033928427db91d1ecf92485641aa3de8d0bf38dd23293c6d86667da46df77b592342031f7caf915a52ed87a415a1d88937809a0b799a17b5901ceda03c2
|
||||
SHA512 (tomcat-9.0.87.redhat-00010-src.zip) = fd65e91c2fd11d48396692e0e88fbba8c2025ec35cbefb29b9b192c516af958ad357a1232e21abd262187d14add45b1441c34d3fa76ac40ba0866febbbfb341d
|
||||
|
||||
@ -10,7 +10,8 @@ OPTIONS="-Dcatalina.base=$CATALINA_BASE \
|
||||
-Djava.endorsed.dirs=$JAVA_ENDORSED_DIRS \
|
||||
-Djava.io.tmpdir=$CATALINA_TMPDIR \
|
||||
-Djava.util.logging.config.file=${LOGGING_PROPERTIES} \
|
||||
-Djava.util.logging.manager=org.apache.juli.ClassLoaderLogManager"
|
||||
-Djava.util.logging.manager=org.apache.juli.ClassLoaderLogManager \
|
||||
-Dsun.io.useCanonCaches=false"
|
||||
|
||||
if [ "$1" = "start" ] ; then
|
||||
FLAGS="${FLAGS} $CATALINA_OPTS"
|
||||
|
||||
10
tomcat.spec
10
tomcat.spec
@ -32,7 +32,7 @@
|
||||
%global major_version 9
|
||||
%global minor_version 0
|
||||
%global micro_version 87
|
||||
%global packdname %{name}-%{major_version}.%{minor_version}.%{micro_version}.redhat-00008-src
|
||||
%global packdname %{name}-%{major_version}.%{minor_version}.%{micro_version}.redhat-00010-src
|
||||
%global servletspec 4.0
|
||||
%global elspec 3.0
|
||||
%global tcuid 53
|
||||
@ -56,7 +56,7 @@
|
||||
Name: tomcat
|
||||
Epoch: 1
|
||||
Version: %{major_version}.%{minor_version}.%{micro_version}
|
||||
Release: 1%{?dist}.3
|
||||
Release: 1%{?dist}.4
|
||||
Summary: Apache Servlet/JSP Engine, RI for Servlet %{servletspec}/JSP %{jspspec} API
|
||||
|
||||
License: ASL 2.0
|
||||
@ -556,6 +556,12 @@ fi
|
||||
|
||||
|
||||
%changelog
|
||||
* Mon May 26 2025 Adam Krajcik <akrajcik@redhat.com> - 1:9.0.87-1.el8_10.4
|
||||
- Resolves: RHEL-91761
|
||||
tomcat: DoS via malformed HTTP/2 PRIORITY_UPDATE frame (CVE-2025-31650)
|
||||
- Resolves: RHEL-71971
|
||||
tomcat: Incomplete fix for CVE-2024-50379 - RCE due to TOCTOU issue in JSP compilation (CVE-2024-56337)
|
||||
|
||||
* Wed Apr 02 2025 Adam Krajcik <akrajcik@redhat.com> - 1:9.0.87-1.el8_10.3
|
||||
- Resolves: RHEL-82934
|
||||
tomcat: Potential RCE and/or information disclosure and/or information corruption with partial PUT (CVE-2025-24813)
|
||||
|
||||
Loading…
Reference in New Issue
Block a user