[El-errata] ELSA-2025-23050 Important: Oracle Linux 10 tomcat security update
Errata Announcements for Oracle Linux
el-errata at oss.oracle.com
Fri Dec 12 05:00:30 UTC 2025
Oracle Linux Security Advisory ELSA-2025-23050
http://linux.oracle.com/errata/ELSA-2025-23050.html
The following updated rpms for Oracle Linux 10 have been uploaded to the Unbreakable Linux Network:
x86_64:
tomcat-10.1.36-3.el10_1.1.noarch.rpm
tomcat-admin-webapps-10.1.36-3.el10_1.1.noarch.rpm
tomcat-docs-webapp-10.1.36-3.el10_1.1.noarch.rpm
tomcat-el-5.0-api-10.1.36-3.el10_1.1.noarch.rpm
tomcat-jsp-3.1-api-10.1.36-3.el10_1.1.noarch.rpm
tomcat-lib-10.1.36-3.el10_1.1.noarch.rpm
tomcat-servlet-6.0-api-10.1.36-3.el10_1.1.noarch.rpm
tomcat-webapps-10.1.36-3.el10_1.1.noarch.rpm
aarch64:
tomcat-10.1.36-3.el10_1.1.noarch.rpm
tomcat-admin-webapps-10.1.36-3.el10_1.1.noarch.rpm
tomcat-docs-webapp-10.1.36-3.el10_1.1.noarch.rpm
tomcat-el-5.0-api-10.1.36-3.el10_1.1.noarch.rpm
tomcat-jsp-3.1-api-10.1.36-3.el10_1.1.noarch.rpm
tomcat-lib-10.1.36-3.el10_1.1.noarch.rpm
tomcat-servlet-6.0-api-10.1.36-3.el10_1.1.noarch.rpm
tomcat-webapps-10.1.36-3.el10_1.1.noarch.rpm
SRPMS:
http://oss.oracle.com/ol10/SRPMS-updates/tomcat-10.1.36-3.el10_1.1.src.rpm
Related CVEs:
CVE-2025-31651
CVE-2025-55752
CVE-2025-61795
Description of changes:
[1:10.1.36-3.1]
- Resolves: RHEL-124494
tomcat: Directory traversal via rewrite with possible RCE (CVE-2025-55752)
- Resolves: RHEL-91729
tomcat: Bypass of rules in Rewrite Valve (CVE-2025-31651)
- Resolves: RHEL-132527
tomcat: Denial of service (CVE-2025-61795)
More information about the El-errata
mailing list