Alerts This Week
Warning Icon 1 681
Alerts This Week
Warning Icon 1 681

Debian 10: DSA-5522-2 Critical: Tomcat9 Rapid Reset Attack Regression Fix

debian
Calendar Grey October 12, 2023
Debian Logo
Debian Security Advisory DSA-5523-1 pertains to vulnerabilities discovered in nginx that allow for potential remote code execution and highlights the critical updates required.
The patch to address CVE-2023-44487 (Rapid Reset Attack) was incomplete and caused a regression when using asynchronous I/O (the default for NIO and NIO2)
Topics%20covered

Topics Covered

security advisory critical debian regression tomcat9 rapid reset asynchronous I/O

Summary

The patch to address CVE-2023-44487 (Rapid Reset Attack) was incomplete and
caused a regression when using asynchronous I/O (the default for NIO and NIO2).
DATA frames must be included when calculating the HTTP/2 overhead count to
ensure that connections are not prematurely terminated.

For the oldstable distribution (bullseye), this problem has been fixed
in version 9.0.43-2~deb11u8.

We recommend that you upgrade your tomcat9 packages.

For the detailed security status of tomcat9 please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/source-package/tomcat9

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/



Severity
critical
Lowest
Low
Medium
High
Critical

Package: tomcat9
CVE ID: CVE-2023-44487

Topics%20covered

Topics Covered

security advisory critical debian regression tomcat9 rapid reset asynchronous I/O

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Related News

Your message here