[Apollo] Advisories Statistics light light Login

RLSA-2025:23050

Security Mirrored from RHSA-2025:23050
Issued at: 2025-12-12
Updated at: 2025-12-26

Synopsis

Important: tomcat security update



Description

Apache Tomcat is a servlet container for the Java Servlet and JavaServer Pages (JSP) technologies.

Security Fix(es):

* tomcat: Apache Tomcat: Bypass of rules in Rewrite Valve (CVE-2025-31651)

* tomcat: org.apache.tomcat/tomcat-catalina: Apache Tomcat: Denial of service (CVE-2025-61795)

* tomcat: org.apache.tomcat/tomcat-catalina: Apache Tomcat: Directory traversal via rewrite with possible RCE (CVE-2025-55752)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.



Affected products

Rocky Linux 10 aarch64 Rocky Linux 10 ppc64le Rocky Linux 10 s390x Rocky Linux 10 x86_64

Fixes

2362782 2406588 2406591

CVEs

CVE-2025-31651 CVE-2025-55752 CVE-2025-61795

Affected packages

Rocky Linux 10 aarch64 - AppStream

tomcat-1:10.1.36-3.el10_1.1.noarch.rpm tomcat-1:10.1.36-3.el10_1.1.src.rpm tomcat-admin-webapps-1:10.1.36-3.el10_1.1.noarch.rpm tomcat-docs-webapp-1:10.1.36-3.el10_1.1.noarch.rpm tomcat-el-5.0-api-1:10.1.36-3.el10_1.1.noarch.rpm tomcat-jsp-3.1-api-1:10.1.36-3.el10_1.1.noarch.rpm tomcat-lib-1:10.1.36-3.el10_1.1.noarch.rpm tomcat-servlet-6.0-api-1:10.1.36-3.el10_1.1.noarch.rpm tomcat-webapps-1:10.1.36-3.el10_1.1.noarch.rpm

Rocky Linux 10 ppc64le - AppStream

tomcat-1:10.1.36-3.el10_1.1.noarch.rpm tomcat-1:10.1.36-3.el10_1.1.src.rpm tomcat-admin-webapps-1:10.1.36-3.el10_1.1.noarch.rpm tomcat-docs-webapp-1:10.1.36-3.el10_1.1.noarch.rpm tomcat-el-5.0-api-1:10.1.36-3.el10_1.1.noarch.rpm tomcat-jsp-3.1-api-1:10.1.36-3.el10_1.1.noarch.rpm tomcat-lib-1:10.1.36-3.el10_1.1.noarch.rpm tomcat-servlet-6.0-api-1:10.1.36-3.el10_1.1.noarch.rpm tomcat-webapps-1:10.1.36-3.el10_1.1.noarch.rpm

Rocky Linux 10 s390x - AppStream

tomcat-1:10.1.36-3.el10_1.1.noarch.rpm tomcat-1:10.1.36-3.el10_1.1.src.rpm tomcat-admin-webapps-1:10.1.36-3.el10_1.1.noarch.rpm tomcat-docs-webapp-1:10.1.36-3.el10_1.1.noarch.rpm tomcat-el-5.0-api-1:10.1.36-3.el10_1.1.noarch.rpm tomcat-jsp-3.1-api-1:10.1.36-3.el10_1.1.noarch.rpm tomcat-lib-1:10.1.36-3.el10_1.1.noarch.rpm tomcat-servlet-6.0-api-1:10.1.36-3.el10_1.1.noarch.rpm tomcat-webapps-1:10.1.36-3.el10_1.1.noarch.rpm

Rocky Linux 10 x86_64 - AppStream

tomcat-1:10.1.36-3.el10_1.1.noarch.rpm tomcat-1:10.1.36-3.el10_1.1.src.rpm tomcat-admin-webapps-1:10.1.36-3.el10_1.1.noarch.rpm tomcat-docs-webapp-1:10.1.36-3.el10_1.1.noarch.rpm tomcat-el-5.0-api-1:10.1.36-3.el10_1.1.noarch.rpm tomcat-jsp-3.1-api-1:10.1.36-3.el10_1.1.noarch.rpm tomcat-lib-1:10.1.36-3.el10_1.1.noarch.rpm tomcat-servlet-6.0-api-1:10.1.36-3.el10_1.1.noarch.rpm tomcat-webapps-1:10.1.36-3.el10_1.1.noarch.rpm