USN-7032-1: Tomcat vulnerability

Releases

• Ubuntu 24.04 LTS
• Ubuntu 22.04 LTS
• Ubuntu 20.04 LTS
• Ubuntu 18.04 ESM

Packages

• tomcat8 - Servlet and JSP engine
• tomcat9 - Servlet and JSP engine

Details

It was discovered that Tomcat incorrectly handled HTTP trailer headers. A
remote attacker could possibly use this issue to perform HTTP request
smuggling.

Update instructions

The problem can be corrected by updating your system to the following package versions:

Ubuntu 24.04

• libtomcat9-java - 9.0.70-2ubuntu0.1

Ubuntu 22.04

• libtomcat9-embed-java - 9.0.58-1ubuntu0.1+esm3
  Available with Ubuntu Pro
• libtomcat9-java - 9.0.58-1ubuntu0.1+esm3
  Available with Ubuntu Pro

Ubuntu 20.04

• libtomcat9-embed-java - 9.0.31-1ubuntu0.7
• libtomcat9-java - 9.0.31-1ubuntu0.7

Ubuntu 18.04

• libtomcat8-embed-java - 8.5.39-1ubuntu1~18.04.3+esm3
  Available with Ubuntu Pro
• libtomcat8-java - 8.5.39-1ubuntu1~18.04.3+esm3
  Available with Ubuntu Pro
• libtomcat9-embed-java - 9.0.16-3ubuntu0.18.04.2+esm3
  Available with Ubuntu Pro
• libtomcat9-java - 9.0.16-3ubuntu0.18.04.2+esm3
  Available with Ubuntu Pro

In general, a standard system update will make all the necessary changes.

References

• CVE-2023-46589