AlmaLinux has released important security updates that include two updates for Tomcat and one for the kernel, aimed at enhancing system security and stability.
1. Tomcat Updates
- ALSA-2025:14178: This update addresses several security vulnerabilities in Tomcat 9, including issues that could lead to denial of service (DoS) attacks. Notable vulnerabilities include:
- CVE-2025-48988: DoS in multipart upload.
- CVE-2025-49125: Security constraint bypass for pre/post-resources.
- Several other CVEs related to DoS attacks through various vectors.
- Release Date: August 22, 2025.
- Severity: Important.
2. Kernel Security Update
- ALSA-2025:13962: This update addresses critical issues within the Linux kernel, fixing vulnerabilities that could lead to system instability and security breaches. Key fixes include:
- CVE-2025-21867: Fix for a use-after-free issue.
- Various other CVEs addressing memory management, network, Bluetooth, and WiFi vulnerabilities.
- Release Date: August 22, 2025.
- Severity: Important.
3. Additional Tomcat Update
- ALSA-2025:14181: Similar to the first Tomcat update, this also addresses critical vulnerabilities in Tomcat. The security issues outlined are identical to those in the first Tomcat update, emphasizing the importance of applying these updates to ensure the security of Java applications hosted on Tomcat.
- Release Date: August 22, 2025.
- Severity: Important.
For any questions or further assistance, users are directed to the AlmaLinux community chat and can also manage their notification settings through the mailing list platform
Tomcat and Kernel Security Updates
1. Tomcat Updates
- ALSA-2025:14178: This update addresses several security vulnerabilities in Tomcat 9, including issues that could lead to denial of service (DoS) attacks. Notable vulnerabilities include:
- CVE-2025-48988: DoS in multipart upload.
- CVE-2025-49125: Security constraint bypass for pre/post-resources.
- Several other CVEs related to DoS attacks through various vectors.
- Release Date: August 22, 2025.
- Severity: Important.
2. Kernel Security Update
- ALSA-2025:13962: This update addresses critical issues within the Linux kernel, fixing vulnerabilities that could lead to system instability and security breaches. Key fixes include:
- CVE-2025-21867: Fix for a use-after-free issue.
- Various other CVEs addressing memory management, network, Bluetooth, and WiFi vulnerabilities.
- Release Date: August 22, 2025.
- Severity: Important.
3. Additional Tomcat Update
- ALSA-2025:14181: Similar to the first Tomcat update, this also addresses critical vulnerabilities in Tomcat. The security issues outlined are identical to those in the first Tomcat update, emphasizing the importance of applying these updates to ensure the security of Java applications hosted on Tomcat.
- Release Date: August 22, 2025.
- Severity: Important.
Conclusion and Recommendations
It is crucial for users and administrators of AlmaLinux to promptly apply these updates to mitigate potential security risks. For full details on each update, including CVSS scores and impacts, users are encouraged to visit the provided links to the AlmaLinux errata pages. Staying updated helps to protect systems from vulnerabilities that could be exploited by malicious actors.For any questions or further assistance, users are directed to the AlmaLinux community chat and can also manage their notification settings through the mailing list platform
Tomcat and Kernel updates for AlmaLinux
AlmaLinux has implemented a series of security updates, encompassing two Tomcat updates and a kernel security update:
ALSA-2025:14178: tomcat9 security update (Important)
ALSA-2025:13962: kernel security update (Important)
ALSA-2025:14181: tomcat security update (Important)
