{"id":"MGASA-2023-0319","summary":"Updated tomcat packages fix security vulnerabilities","details":"The updated packages fix security vulnerabilities:\n\nIncomplete Cleanup vulnerability in Apache Tomcat.When recycling various\ninternal objects in Apache Tomcat from 11.0.0-M1 through 11.0.0-M11,\nfrom 10.1.0-M1 through 10.1.13, from 9.0.0-M1 through 9.0.80 and from\n8.5.0 through 8.5.93, an error could cause Tomcat to skip some parts of\nthe recycling process leading to information leaking from the current\nrequest/response to the next. (CVE-2023-42795)\n\nImproper Input Validation vulnerability in Apache Tomcat.Tomcat from\n11.0.0-M1 through 11.0.0-M11, from 10.1.0-M1 through 10.1.13, from\n9.0.0-M1 through 9.0.81 and from 8.5.0 through 8.5.93 did not correctly\nparse HTTP trailer headers. A specially crafted, invalid trailer header\ncould cause Tomcat to treat a single request as multiple requests\nleading to the possibility of request smuggling when behind a reverse\nproxy. (CVE-2023-45648)\n","modified":"2026-01-30T07:22:37.282142Z","published":"2023-11-15T11:35:09Z","related":["CVE-2023-42795","CVE-2023-45648"],"references":[{"type":"ADVISORY","url":"https://advisories.mageia.org/MGASA-2023-0319.html"},{"type":"REPORT","url":"https://bugs.mageia.org/show_bug.cgi?id=32377"},{"type":"REPORT","url":"https://www.openwall.com/lists/oss-security/2023/10/10/9"},{"type":"REPORT","url":"https://www.openwall.com/lists/oss-security/2023/10/10/10"}],"affected":[{"package":{"name":"tomcat","ecosystem":"Mageia:8","purl":"pkg:rpm/mageia/tomcat?arch=source&distro=mageia-8"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"9.0.82-1.mga8"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2023-0319.json"}},{"package":{"name":"tomcat","ecosystem":"Mageia:9","purl":"pkg:rpm/mageia/tomcat?arch=source&distro=mageia-9"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"9.0.82-1.mga9"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2023-0319.json"}}],"schema_version":"1.7.3","credits":[{"name":"Mageia","contact":["https://wiki.mageia.org/en/Packages_Security_Team"],"type":"COORDINATOR"}]}