==========================================================================
Ubuntu Security Notice USN-7525-1
May 21, 2025
Tomcat vulnerability
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 24.04 LTS
- Ubuntu 22.04 LTS
- Ubuntu 20.04 LTS
- Ubuntu 18.04 LTS
Summary:
Tomcat could expose sensitive files or run programs if it received
specially crafted network traffic.
Software Description:
- tomcat10: Apache Tomcat 10 - Servlet and JSP engine
- tomcat9: Apache Tomcat 9 - Servlet and JSP engine
Details:
It was discovered that Apache Tomcat incorrectly implemented partial
PUT functionality by replacing path separators with dots in temporary
files. A remote attacker could possibly use this issue to access
sensitive files, inject malicious content, or execute remote code.
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 24.04 LTS
  libtomcat10-java                10.1.16-1ubuntu0.1~esm1
                                  Available with Ubuntu Pro
  tomcat10                        10.1.16-1ubuntu0.1~esm1
                                  Available with Ubuntu Pro
Ubuntu 22.04 LTS
  libtomcat9-java                 9.0.58-1ubuntu0.2+esm2
                                  Available with Ubuntu Pro
  tomcat9                         9.0.58-1ubuntu0.2+esm2
                                  Available with Ubuntu Pro
Ubuntu 20.04 LTS
  libtomcat9-java                 9.0.31-1ubuntu0.9+esm1
                                  Available with Ubuntu Pro
  tomcat9                         9.0.31-1ubuntu0.9+esm1
                                  Available with Ubuntu Pro
Ubuntu 18.04 LTS
  libtomcat9-java                 9.0.16-3ubuntu0.18.04.2+esm6
                                  Available with Ubuntu Pro
  tomcat9                         9.0.16-3ubuntu0.18.04.2+esm6
                                  Available with Ubuntu Pro
In general, a standard system update will make all the necessary changes.
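As an added example (not part of the Ubuntu notice), the following Python code checks a package inventory against the fixed versions listed in this notice. The function names, the release keys and the SAMPLE inventory are assumptions made for illustration, and the comparison is a reimplementation of dpkg's version ordering so that inventories can be audited on a machine without dpkg.

```python
import re

# Fixed versions copied from this notice, keyed by Ubuntu release number.
FIXED = {
    "24.04": {"libtomcat10-java": "10.1.16-1ubuntu0.1~esm1", "tomcat10": "10.1.16-1ubuntu0.1~esm1"},
    "22.04": {"libtomcat9-java": "9.0.58-1ubuntu0.2+esm2", "tomcat9": "9.0.58-1ubuntu0.2+esm2"},
    "20.04": {"libtomcat9-java": "9.0.31-1ubuntu0.9+esm1", "tomcat9": "9.0.31-1ubuntu0.9+esm1"},
    "18.04": {"libtomcat9-java": "9.0.16-3ubuntu0.18.04.2+esm6", "tomcat9": "9.0.16-3ubuntu0.18.04.2+esm6"},
}

def _order(c):
    # dpkg ordering: '~' sorts before end-of-string, letters before other symbols.
    if c == "~":
        return -1
    return 0 if c == "" else (ord(c) if c.isalpha() else ord(c) + 256)

def _cmp_part(a, b):
    # Walk both strings as alternating non-digit runs (by _order) and digit runs (numeric).
    while a or b:
        (na, da), (nb, db) = (re.match(r"(\D*)(\d*)", s).groups() for s in (a, b))
        a, b = a[len(na) + len(da):], b[len(nb) + len(db):]
        for i in range(max(len(na), len(nb))):
            oa, ob = _order(na[i:i + 1]), _order(nb[i:i + 1])
            if oa != ob:
                return -1 if oa < ob else 1
        if int(da or 0) != int(db or 0):
            return -1 if int(da or 0) < int(db or 0) else 1
    return 0

def compare_versions(x, y):
    # Returns -1, 0 or 1 using Debian's [epoch:]upstream[-revision] ordering.
    keys = []
    for v in (x, y):
        epoch, rest = v.split(":", 1) if ":" in v else ("0", v)
        upstream, rev = rest.rsplit("-", 1) if "-" in rest else (rest, "")
        keys.append((int(epoch), upstream, rev))
    (ex, ux, rx), (ey, uy, ry) = keys
    if ex != ey:
        return -1 if ex < ey else 1
    return _cmp_part(ux, uy) or _cmp_part(rx, ry)

def audit(release, dpkg_lines):
    # dpkg_lines: text from  dpkg-query -W -f='${Package} ${Version}\n'
    rows = (l.split() for l in dpkg_lines.splitlines())
    return {r[0]: "patched" if compare_versions(r[1], FIXED[release][r[0]]) >= 0 else "vulnerable"
            for r in rows if len(r) == 2 and r[0] in FIXED[release]}

# Constructed sample inventory for a 22.04 host (not taken from a real system).
SAMPLE = "tomcat9 9.0.58-1ubuntu0.1\nlibtomcat9-java 9.0.58-1ubuntu0.2+esm2\nopenssl 3.0.2-0ubuntu1\n"
```

Calling audit("22.04", SAMPLE) reports tomcat9 as vulnerable and libtomcat9-java as patched; packages not named in this notice are ignored.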
References:
https://ubuntu.com/security/notices/USN-7525-1
CVE-2025-24813