Fix CVE-2025-48989

Resolves: RHEL-102201 - http/2 "MadeYouReset" DoS attack through HTTP/2 control frames
2025-08-14 15:32:28 +02:00 · 2025-08-14 15:32:28 +02:00 · 6099be4b08
commit 6099be4b08
parent 564c630bd5
3 changed files with 8 additions and 3 deletions
--- a/.gitignore
+++ b/.gitignore
@ -12,3 +12,4 @@ apache-tomcat-*-src/
 /tomcat-9.0.87.redhat-00008-src.zip
 /tomcat-9.0.87.redhat-00010-src.zip
 /tomcat-9.0.87.redhat-00011-src.zip
+/tomcat-9.0.87.redhat-00012-src.zip
--- a/2
+++ b/2
@ -1 +1 @@
-SHA512 (tomcat-9.0.87.redhat-00011-src.zip) = a5cd593edb6925ab9bc123faa2476815e61f31a3d22962149c041861bacfeba15fff77d3c56565e8283177fcdc84cf2d1b70b6a60732e9bab154f36cf438912a
+SHA512 (tomcat-9.0.87.redhat-00012-src.zip) = 09c490294696114a2fd1c0680db96c969a331d070d1855ae4814bea5d57f9e891d6576b4acae56f53864280e53c3e6983c2b1a11861b0b0f52c021048482c696
--- a/tomcat.spec
+++ b/tomcat.spec
@ -32,7 +32,7 @@
 %global major_version 9
 %global minor_version 0
 %global micro_version 87
-%global packdname %{name}-%{major_version}.%{minor_version}.%{micro_version}.redhat-00011-src
+%global packdname %{name}-%{major_version}.%{minor_version}.%{micro_version}.redhat-00012-src
 %global servletspec 4.0
 %global elspec 3.0
 %global tcuid 53
@ -56,7 +56,7 @@
 Name:          tomcat
 Epoch:         1
 Version:       %{major_version}.%{minor_version}.%{micro_version}
-Release:       5%{?dist}
+Release:       6%{?dist}
 Summary:       Apache Servlet/JSP Engine, RI for Servlet %{servletspec}/JSP %{jspspec} API

 License:       ASL 2.0
@ -557,6 +557,10 @@ fi


 %changelog
+* Thu Aug 14 2025 Adam Krajcik <akrajcik@redhat.com> - 1:9.0.87-6
+- Resolves: RHEL-102201
+  tomcat: http/2 "MadeYouReset" DoS attack through HTTP/2 control frames (CVE-2025-48989)
+
 * Tue Aug 12 2025 Adam Krajcik <akrajcik@redhat.com> - 1:9.0.87-5
 - Resolves: RHEL-108489
  tomcat: Apache Commons FileUpload DOS via part headers (CVE-2025-48976)