Advisories » MGASA-2025-0145

Updated tomcat packages fix security vulnerabilities

Publication date: 05 May 2025
Modification date: 05 May 2025
Type: security
Affected Mageia releases : 9
CVE: CVE-2025-31650 , CVE-2025-31651

Description

DoS via malformed HTTP/2 PRIORITY_UPDATE frame. (CVE-2025-31650)
Bypass of rules in Rewrite Valve. (CVE-2025-31651)
                

References

• https://bugs.mageia.org/show_bug.cgi?id=34231
• https://www.openwall.com/lists/oss-security/2025/04/28/2
• https://www.openwall.com/lists/oss-security/2025/04/28/3
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-31650
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-31651

SRPMS

9/core

• tomcat-9.0.104-1.mga9