CVE-2025-31650 was announced here:
https://www.openwall.com/lists/oss-security/2025/04/28/2

CVE-2025-31651 was announced here:
https://www.openwall.com/lists/oss-security/2025/04/28/3
Status comment: (none) => Fixed upstream in 9.0.104
Whiteboard: (none) => MGA9TOO
CVE: (none) => CVE-2025-31650, CVE-2025-31651
Source RPM: (none) => tomcat-9.0.102-1.mga10.src.rpm, tomcat-9.0.102-1.mga9.src.rpm
Suggested advisory:
========================

The updated packages fix security vulnerabilities:

DoS via malformed HTTP/2 PRIORITY_UPDATE frame. (CVE-2025-31650)

Bypass of rules in Rewrite Valve. (CVE-2025-31651)

References:
https://www.openwall.com/lists/oss-security/2025/04/28/2
https://www.openwall.com/lists/oss-security/2025/04/28/3
========================

Updated packages in core/updates_testing:
========================
tomcat-9.0.104-1.mga9
tomcat-admin-webapps-9.0.104-1.mga9
tomcat-docs-webapp-9.0.104-1.mga9
tomcat-el-3.0-api-9.0.104-1.mga9
tomcat-jsp-2.3-api-9.0.104-1.mga9
tomcat-lib-9.0.104-1.mga9
tomcat-servlet-4.0-api-9.0.104-1.mga9
tomcat-webapps-9.0.104-1.mga9

from SRPM:
tomcat-9.0.104-1.mga9.src.rpm
Assignee: bugsquad => qa-bugs
Status comment: Fixed upstream in 9.0.104 => (none)
Source RPM: tomcat-9.0.102-1.mga10.src.rpm, tomcat-9.0.102-1.mga9.src.rpm => tomcat-9.0.102-1.mga9.src.rpm
Version: Cauldron => 9
Whiteboard: MGA9TOO => (none)
Status: NEW => ASSIGNED
Keywords: (none) => advisory
MGA9-64 Plasma Wayland on Compaq H000SB
No installation issues.
Following bug 33863:
Added following lines to /etc/tomcat/tomcat-users.xml before the end line:
<role rolename="manager-gui"/>
<user name="tester9" password="tester" roles="manager-gui" />
sample.war file still there from previous bug 34112.
Then at CLI:
# systemctl start httpd
# systemctl -l status httpd
● httpd.service - The Apache HTTP Server
     Loaded: loaded (/usr/lib/systemd/system/httpd.service; disabled; preset: disabled)
     Active: active (running) since Sat 2025-05-03 17:18:09 CEST; 14s ago
   Main PID: 4922 (/usr/sbin/httpd)
     Status: "Total requests: 0; Idle/Busy workers 100/0;Requests/sec: 0; Bytes served/sec: 0 B/sec"
      Tasks: 6 (limit: 8806)
     Memory: 23.4M
        CPU: 562ms
     CGroup: /system.slice/httpd.service
             ├─4922 /usr/sbin/httpd -DFOREGROUND
             ├─4924 /usr/sbin/httpd -DFOREGROUND
             ├─4925 /usr/sbin/httpd -DFOREGROUND
             ├─4926 /usr/sbin/httpd -DFOREGROUND
             ├─4927 /usr/sbin/httpd -DFOREGROUND
             └─4928 /usr/sbin/httpd -DFOREGROUND

May 03 17:18:08 mach3.hviaene.thuis systemd[1]: Starting httpd.service...
May 03 17:18:09 mach3.hviaene.thuis systemd[1]: Started httpd.service.

# systemctl restart tomcat.service
# systemctl -l status tomcat.service
● tomcat.service - Apache Tomcat Web Application Container
     Loaded: loaded (/usr/lib/systemd/system/tomcat.service; disabled; preset: disabled)
     Active: active (running) since Sat 2025-05-03 17:18:44 CEST; 14s ago
   Main PID: 4993 (java)
      Tasks: 23 (limit: 8806)
     Memory: 138.9M
        CPU: 18.049s
     CGroup: /system.slice/tomcat.service
             └─4993 /usr/lib/jvm/jre/bin/java -Djavax.sql.DataSource.Factory=org.apache.commons.dbcp.BasicDataSourceFactory -classpath /usr/share/tomcat/bin>

May 03 17:18:49 mach3.hviaene.thuis server[4993]: 03-May-2025 17:18:49.666 INFO [main] org.apache.catalina.startup.VersionLoggerListener.log Command line ar>
May 03 17:18:49 mach3.hviaene.thuis server[4993]: 03-May-2025 17:18:49.684 INFO [main] org.apache.catalina.core.AprLifecycleListener.lifecycleEvent Loaded A>
May 03 17:18:49 mach3.hviaene.thuis server[4993]: 03-May-2025 17:18:49.687 INFO [main] org.apache.catalina.core.AprLifecycleListener.lifecycleEvent APR capa>
May 03 17:18:49 mach3.hviaene.thuis server[4993]: 03-May-2025 17:18:49.688 INFO [main] org.apache.catalina.core.AprLifecycleListener.lifecycleEvent APR/Open>
May 03 17:18:49 mach3.hviaene.thuis server[4993]: 03-May-2025 17:18:49.711 INFO [main] org.apache.catalina.core.AprLifecycleListener.initializeSSL OpenSSL s>
May 03 17:18:52 mach3.hviaene.thuis server[4993]: 03-May-2025 17:18:52.937 INFO [main] org.apache.coyote.AbstractProtocol.init Initializing ProtocolHandler >
May 03 17:18:53 mach3.hviaene.thuis server[4993]: 03-May-2025 17:18:53.336 INFO [main] org.apache.catalina.startup.Catalina.load Server initialization in [6>
May 03 17:18:53 mach3.hviaene.thuis server[4993]: 03-May-2025 17:18:53.825 INFO [main] org.apache.catalina.core.StandardService.startInternal Starting servi>
May 03 17:18:53 mach3.hviaene.thuis server[4993]: 03-May-2025 17:18:53.832 INFO [main] org.apache.catalina.core.StandardEngine.startInternal Starting Servle>
May 03 17:18:54 mach3.hviaene.thuis server[4993]: 03-May-2025 17:18:54.018 INFO [main] org.apache.catalina.startup.HostConfig.deployWAR Deploying web applic>

Then I could connect to http://localhost:8080 to exercise the manager app and http://localhost:8080/sample to display the samples.
OK for me.
CC: (none) => herman.viaene
Whiteboard: (none) => MGA9-64-OK
Validating.
CC: (none) => andrewsfarm, sysadmin-bugs
Keywords: (none) => validated_update
An update for this issue has been pushed to the Mageia Updates repository. https://advisories.mageia.org/MGASA-2025-0145.html
Status: ASSIGNED => RESOLVED
Resolution: (none) => FIXED