MGASA-2024-0090

Source
https://advisories.mageia.org/MGASA-2024-0090.html
Import Source
https://advisories.mageia.org/MGASA-2024-0090.json
JSON Data
https://api.osv.dev/v1/vulns/MGASA-2024-0090
Published
2024-03-26T22:02:49Z
Modified
2024-03-26T21:49:07Z
Summary
Updated tomcat packages fix security vulnerabilities
Details

Denial of Service via incomplete cleanup vulnerability in Apache Tomcat. It was possible for WebSocket clients to keep WebSocket connections open, leading to increased resource consumption. (CVE-2024-23672)

Denial of Service due to improper input validation vulnerability for HTTP/2 requests in Apache Tomcat. When processing an HTTP/2 request, if the request exceeded any of the configured limits for headers, the associated HTTP/2 stream was not reset until after all of the headers had been processed. (CVE-2024-24549)

Affected packages

Mageia:9 / tomcat

Package

Name
tomcat
Purl
pkg:rpm/mageia/tomcat?distro=mageia-9

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
9.0.87-1.mga9

Ecosystem specific

{
    "section": "core"
}