Oracle Linux 10: ELSA-2025-11332 Tomcat9 Important DoS and RCE

July 17, 2025
Updates for Apache Tomcat 9 on Oracle Linux tackle significant security threats, such as RCE and DoS vulnerabilities. Take immediate action.
The following updated rpms for Oracle Linux 10 have been uploaded to the Unbreakable Linux Network:

Summary

[1:9.0.87-5.1]
- Resolves: RHEL-91765 tomcat: DoS via malformed HTTP/2 PRIORITY_UPDATE frame (CVE-2025-31650)
- Resolves: RHEL-71981 tomcat: Incomplete fix for CVE-2024-50379 - RCE due to TOCTOU issue in JSP compilation (CVE-2024-56337)

SRPMs

http://oss.oracle.com/ol10/SRPMS-updates/tomcat9-9.0.87-5.el10_0.1.src.rpm

x86_64

tomcat9-9.0.87-5.el10_0.1.noarch.rpm
tomcat9-admin-webapps-9.0.87-5.el10_0.1.noarch.rpm
tomcat9-docs-webapp-9.0.87-5.el10_0.1.noarch.rpm
tomcat9-el-3.0-api-9.0.87-5.el10_0.1.noarch.rpm
tomcat9-jsp-2.3-api-9.0.87-5.el10_0.1.noarch.rpm
tomcat9-lib-9.0.87-5.el10_0.1.noarch.rpm
tomcat9-servlet-4.0-api-9.0.87-5.el10_0.1.noarch.rpm
tomcat9-webapps-9.0.87-5.el10_0.1.noarch.rpm

aarch64

tomcat9-9.0.87-5.el10_0.1.noarch.rpm
tomcat9-admin-webapps-9.0.87-5.el10_0.1.noarch.rpm
tomcat9-docs-webapp-9.0.87-5.el10_0.1.noarch.rpm
tomcat9-el-3.0-api-9.0.87-5.el10_0.1.noarch.rpm
tomcat9-jsp-2.3-api-9.0.87-5.el10_0.1.noarch.rpm
tomcat9-lib-9.0.87-5.el10_0.1.noarch.rpm
tomcat9-servlet-4.0-api-9.0.87-5.el10_0.1.noarch.rpm
tomcat9-webapps-9.0.87-5.el10_0.1.noarch.rpm

Severity: Important

Related CVEs: CVE-2024-56337 CVE-2025-31650
