Release date:
2026-03-25 08:22:04 UTC
Description:
* SECURITY UPDATE: SNI hostname not stored for NIO2 and APR connectors
- debian/patches/CVE-2025-66614.patch: store SNI hostname for NIO2 and
APR connections so that SNI checks are not bypassed
- CVE-2025-66614
Updated packages:
-
libtomcat9-embed-java_9.0.31-1~deb10u12+tuxcare.els4_all.deb
sha:9c69548e267d3e151122ec3b278c3e97dcdd4539
-
libtomcat9-java_9.0.31-1~deb10u12+tuxcare.els4_all.deb
sha:ffa0ccd4daea3521924240120e55ff46316a3071
-
tomcat9_9.0.31-1~deb10u12+tuxcare.els4_all.deb
sha:8d9301a6a36d2009a9dffb48baeca9635316f693
-
tomcat9-admin_9.0.31-1~deb10u12+tuxcare.els4_all.deb
sha:5b47f54f3c896b3d625e07e94437fa1a6e1cb01e
-
tomcat9-common_9.0.31-1~deb10u12+tuxcare.els4_all.deb
sha:4751bbaaa2386dd977d668a977d6ea378e7db9f0
-
tomcat9-docs_9.0.31-1~deb10u12+tuxcare.els4_all.deb
sha:79fdc8f6a238edc1b67b7cddf5bb173fa6c57399
-
tomcat9-examples_9.0.31-1~deb10u12+tuxcare.els4_all.deb
sha:840388ba182195ff827b2fe525046162cbd869c7
-
tomcat9-user_9.0.31-1~deb10u12+tuxcare.els4_all.deb
sha:b9ad502bc1572491f7c2816d4c2d3b691216ba9a
Notes:
This page is generated automatically and has not been checked for errors. For clarification or
corrections please contact the
CloudLinux Packaging Team.
