Updated tomcat packages fix vulnerabilities
Publication date: 02 Sep 2025
Modification date: 02 Sep 2025
Type: security
Affected Mageia releases: 9
CVE: CVE-2025-52434, CVE-2025-52520, CVE-2025-53506, CVE-2025-48989
Description
APR/Native Connector crash leading to DoS. (CVE-2025-52434)
DoS via integer overflow in multipart file upload. (CVE-2025-52520)
DoS via excessive HTTP/2 streams at connection start. (CVE-2025-53506)
HTTP/2 DoS - Made You Reset. (CVE-2025-48989)
References
- https://bugs.mageia.org/show_bug.cgi?id=34465
- https://www.openwall.com/lists/oss-security/2025/07/10/11
- https://www.openwall.com/lists/oss-security/2025/07/10/12
- https://www.openwall.com/lists/oss-security/2025/07/10/13
- https://www.openwall.com/lists/oss-security/2025/08/13/2
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-52434
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-52520
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-53506
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-48989
SRPMS
9/core
- tomcat-9.0.108-1.mga9