Release date:
2026-03-20 09:59:17 UTC
Description:
* SECURITY UPDATE: Improper Input Validation vulnerability
- debian/patches/CVE-2025-66614.patch: Add protocol host name and SNI host
name matching with strictSNI attribute on the Connector. Covers NIO, NIO2,
and APR connectors.
- CVE-2025-66614
Updated packages:
-
libtomcat9-embed-java_9.0.31-1ubuntu0.9+tuxcare.els2_all.deb
sha:335f68c2ce914babcc2e526c178d124e8e2c3054
-
libtomcat9-java_9.0.31-1ubuntu0.9+tuxcare.els2_all.deb
sha:f3730283c63fd748c3f215a1bbd2935694c8ae0c
-
tomcat9_9.0.31-1ubuntu0.9+tuxcare.els2_all.deb
sha:4a13a8c72a05071d3ae79383c585ec80095aa277
-
tomcat9-admin_9.0.31-1ubuntu0.9+tuxcare.els2_all.deb
sha:1621d4517ac6406b50b2641862bb096afb43f855
-
tomcat9-common_9.0.31-1ubuntu0.9+tuxcare.els2_all.deb
sha:e99d50f5d302a78f398435a5bbd062572746f6e6
-
tomcat9-docs_9.0.31-1ubuntu0.9+tuxcare.els2_all.deb
sha:5028f384a14822953c5f50cc2924f1e4f6624b6a
-
tomcat9-examples_9.0.31-1ubuntu0.9+tuxcare.els2_all.deb
sha:a76841cfa649c11672d1c3e7df80fb7c809492f9
-
tomcat9-user_9.0.31-1ubuntu0.9+tuxcare.els2_all.deb
sha:9857959a331273a686eebe72c767002d8676d0f6
Notes:
This page is generated automatically and has not been checked for errors. For clarification or
corrections please contact the
CloudLinux Packaging Team.
