
Oracle Linux 10 ELSA-2025-14179 Tomcat Important Denial of Service

oracle
August 25, 2025
Oracle Linux 10 security notices for PostgreSQL fix several DoS vulnerabilities. Critical patches are released immediately.
The following updated rpms for Oracle Linux 10 have been uploaded to the Unbreakable Linux Network:

Summary

[1:10.1.36-1.2]
- tomcat: Apache Tomcat DoS in multipart upload (CVE-2025-48988)
- tomcat: Apache Tomcat: Security constraint bypass for pre/post-resources (CVE-2025-49125)
- apache-commons-fileupload: Apache Commons FileUpload DoS via part headers (CVE-2025-48976)
- tomcat: http/2 "MadeYouReset" DoS attack through HTTP/2 control frames (CVE-2025-48989)
- tomcat: Apache Tomcat denial of service (CVE-2025-52520)
- tomcat: Apache Tomcat denial of service (CVE-2025-53506)

SRPMs

http://oss.oracle.com/ol10/SRPMS-updates/tomcat-10.1.36-1.el10_0.2.src.rpm

x86_64

tomcat-10.1.36-1.el10_0.2.noarch.rpm
tomcat-admin-webapps-10.1.36-1.el10_0.2.noarch.rpm
tomcat-docs-webapp-10.1.36-1.el10_0.2.noarch.rpm
tomcat-el-5.0-api-10.1.36-1.el10_0.2.noarch.rpm
tomcat-jsp-3.1-api-10.1.36-1.el10_0.2.noarch.rpm
tomcat-lib-10.1.36-1.el10_0.2.noarch.rpm
tomcat-servlet-6.0-api-10.1.36-1.el10_0.2.noarch.rpm
tomcat-webapps-10.1.36-1.el10_0.2.noarch.rpm

aarch64

tomcat-10.1.36-1.el10_0.2.noarch.rpm
tomcat-admin-webapps-10.1.36-1.el10_0.2.noarch.rpm
tomcat-docs-webapp-10.1.36-1.el10_0.2.noarch.rpm
tomcat-el-5.0-api-10.1.36-1.el10_0.2.noarch.rpm
tomcat-jsp-3.1-api-10.1.36-1.el10_0.2.noarch.rpm
tomcat-lib-10.1.36-1.el10_0.2.noarch.rpm
tomcat-servlet-6.0-api-10.1.36-1.el10_0.2.noarch.rpm
tomcat-webapps-10.1.36-1.el10_0.2.noarch.rpm

Severity
important

Related CVEs: CVE-2025-48976 CVE-2025-48988 CVE-2025-48989 CVE-2025-49125 CVE-2025-52520 CVE-2025-53506
