rpms/tomcat
6
0
Fork 0
Code Issues Pull Requests Releases Activity

Fix CVE-2025-24813 and CVE-2024-50379

Browse Source 
Resolves: RHEL-82934 - tomcat: Potential RCE and/or information disclosure and/or information corruption with partial PUT
Resolves: RHEL-71708 - tomcat: RCE due to TOCTOU issue in JSP compilation
This commit is contained in:
Adam Krajcik 2025-04-02 17:26:55 +02:00
parent af3d01b011
commit 5eb69309fe
3 changed files with 10 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
.gitignore vendored
View File

@ -5,3 +5,4 @@
/tomcat-9.0.62.redhat-00018-src.zip
/tomcat-9.0.87.redhat-00003-src.zip
/tomcat-9.0.87.redhat-00005-src.zip
/tomcat-9.0.87.redhat-00008-src.zip

2
sources
View File

@ -1 +1 @@
SHA512 (tomcat-9.0.87.redhat-00005-src.zip) = a8574039027b7fd990dc6a6a705e58fb45e5a2e6051cc2da9e7d46513b0d2b0846ffa85ae33be747436ad108464087ba7029880287903e0a53788cfa18a889cf
SHA512 (tomcat-9.0.87.redhat-00008-src.zip) = 5863c033928427db91d1ecf92485641aa3de8d0bf38dd23293c6d86667da46df77b592342031f7caf915a52ed87a415a1d88937809a0b799a17b5901ceda03c2

10
tomcat.spec
View File

@ -32,7 +32,7 @@
%global major_version 9
%global minor_version 0
%global micro_version 87
%global packdname %{name}-%{major_version}.%{minor_version}.%{micro_version}.redhat-00005-src
%global packdname %{name}-%{major_version}.%{minor_version}.%{micro_version}.redhat-00008-src
%global servletspec 4.0
%global elspec 3.0
%global tcuid 53
@ -56,7 +56,7 @@
Name: tomcat
Epoch: 1
Version: %{major_version}.%{minor_version}.%{micro_version}
Release: 1%{?dist}.2
Release: 1%{?dist}.3
Summary: Apache Servlet/JSP Engine, RI for Servlet %{servletspec}/JSP %{jspspec} API
License: ASL 2.0
@ -556,6 +556,12 @@ fi
%changelog
* Wed Apr 02 2025 Adam Krajcik <akrajcik@redhat.com> - 1:9.0.87-1.el8_10.3
- Resolves: RHEL-82934
tomcat: Potential RCE and/or information disclosure and/or information corruption with partial PUT (CVE-2025-24813)
- Resolves: RHEL-71708
tomcat: RCE due to TOCTOU issue in JSP compilation (CVE-2024-50379)
* Thu Aug 08 2024 Adam Krajcik <akrajcik@redhat.com> - 1:9.0.87-1.el8_10.2
- Resolves: RHEL-46167
tomcat: Improper Handling of Exceptional Conditions (CVE-2024-34750)