{"id":"MGASA-2025-0223","summary":"Updated tomcat packages fix vulnerabilities","details":"APR/Native Connector crash leading to DoS. (CVE-2025-52434)\nDoS via integer overflow in multipart file upload. (CVE-2025-52520)\nDoS via excessive h2 streams at connection start. (CVE-2025-53506)\nH2 DoS - Made You Reset. (CVE-2025-48989)\n","modified":"2026-01-30T01:18:59.029535Z","published":"2025-09-02T15:16:35Z","related":["CVE-2025-48989","CVE-2025-52434","CVE-2025-52520","CVE-2025-53506"],"references":[{"type":"ADVISORY","url":"https://advisories.mageia.org/MGASA-2025-0223.html"},{"type":"REPORT","url":"https://bugs.mageia.org/show_bug.cgi?id=34465"},{"type":"REPORT","url":"https://www.openwall.com/lists/oss-security/2025/07/10/11"},{"type":"REPORT","url":"https://www.openwall.com/lists/oss-security/2025/07/10/12"},{"type":"REPORT","url":"https://www.openwall.com/lists/oss-security/2025/07/10/13"},{"type":"REPORT","url":"https://www.openwall.com/lists/oss-security/2025/08/13/2"}],"affected":[{"package":{"name":"tomcat","ecosystem":"Mageia:9","purl":"pkg:rpm/mageia/tomcat?arch=source&distro=mageia-9"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"9.0.108-1.mga9"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2025-0223.json"}}],"schema_version":"1.7.3","credits":[{"name":"Mageia","contact":["https://wiki.mageia.org/en/Packages_Security_Team"],"type":"COORDINATOR"}]}