USN-7525-2

Source
https://ubuntu.com/security/notices/USN-7525-2
Import Source
https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-7525-2.json
JSON Data
https://api.osv.dev/v1/vulns/USN-7525-2
Published
2025-05-26T11:41:03.555467Z
Modified
2025-05-26T11:41:03.555467Z
Summary
Tomcat vulnerability
Details

USN-7525-1 fixed CVE-2025-24813 for tomcat9 in Ubuntu 22.04 LTS, Ubuntu 20.04 LTS, and Ubuntu 18.04 LTS. This update fixes it for tomcat9 in Ubuntu 24.04 LTS, Ubuntu 24.10, and Ubuntu 25.10. These versions include only the tomcat library (libtomcat9-java) and not the full tomcat server stack.

Original advisory details:

It was discovered that Apache Tomcat incorrectly implemented partial PUT functionality by replacing path separators with dots in temporary files. A remote attacker could possibly use this issue to access sensitive files, inject malicious content, or execute remote code.

Affected packages

Ubuntu:24.10 / tomcat9

Package

Name
tomcat9
Purl
pkg:deb/ubuntu/tomcat9@9.0.70-2ubuntu1.24.10.1?arch=source&distro=oracular

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
9.0.70-2ubuntu1.24.10.1

Affected versions

9.*

9.0.70-2
9.0.70-2ubuntu1.1

Ecosystem specific

{
    "availability": "No subscription required",
    "binaries": [
        {
            "binary_version": "9.0.70-2ubuntu1.24.10.1",
            "binary_name": "libtomcat9-java"
        }
    ]
}

Ubuntu:Pro:24.04:LTS / tomcat9

Package

Name
tomcat9
Purl
pkg:deb/ubuntu/tomcat9@9.0.70-2ubuntu0.1+esm1?arch=source&distro=esm-apps/noble

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
9.0.70-2ubuntu0.1+esm1

Affected versions

9.*

9.0.70-1ubuntu1
9.0.70-2
9.0.70-2ubuntu0.1

Ecosystem specific

{
    "availability": "Available with Ubuntu Pro: https://ubuntu.com/pro",
    "binaries": [
        {
            "binary_version": "9.0.70-2ubuntu0.1+esm1",
            "binary_name": "libtomcat9-java"
        }
    ]
}

Ubuntu:25.04 / tomcat9

Package

Name
tomcat9
Purl
pkg:deb/ubuntu/tomcat9@9.0.70-2ubuntu1.25.04.1?arch=source&distro=plucky

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
9.0.70-2ubuntu1.25.04.1

Affected versions

9.*

9.0.70-2ubuntu1.1

Ecosystem specific

{
    "availability": "No subscription required",
    "binaries": [
        {
            "binary_version": "9.0.70-2ubuntu1.25.04.1",
            "binary_name": "libtomcat9-java"
        }
    ]
}