AlmaLinux has recently released updates that enhance security for its users, including moderate updates for Tomcat and low-level updates for Python versions 3.11 and 3.12.
- Release Date: April 8, 2025
- Details: This update addresses vulnerabilities in Apache Tomcat, a popular servlet container for Java applications, specifically concerning:
- Remote Code Execution (RCE) issues due to a Time-of-Check-Time-of-Use (TOCTOU) problem in JSP compilation (CVE-2024-50379).
- Potential RCE and information disclosure/corruption risks with partial PUT requests (CVE-2025-24813).
- More Information: [Tomcat Update Details](https://errata.almalinux.org/9/ALSA-2025-3645.html)
2. Python 3.11 Security Update (Low Severity)
- Release Date: April 8, 2025
- Details: This update resolves an issue in the Python HTTP cookies module that could lead to uncontrolled CPU resource consumption (CVE-2024-7592).
- More Information: [Python 3.11 Update Details](https://errata.almalinux.org/9/ALSA-2025-3634.html)
3. Python 3.12 Security Update (Low Severity)
- Release Date: April 8, 2025
- Details: Similar to the update for Python 3.11, this update also addresses the uncontrolled CPU resource consumption vulnerability in the HTTP cookies module (CVE-2024-7592).
- More Information: [Python 3.12 Update Details](https://errata.almalinux.org/9/ALSA-2025-3631.html)
Key Updates:
1. Tomcat Security Update (Moderate Severity)- Release Date: April 8, 2025
- Details: This update addresses vulnerabilities in Apache Tomcat, a popular servlet container for Java applications, specifically concerning:
- Remote Code Execution (RCE) issues due to a Time-of-Check-Time-of-Use (TOCTOU) problem in JSP compilation (CVE-2024-50379).
- Potential RCE and information disclosure/corruption risks with partial PUT requests (CVE-2025-24813).
- More Information: [Tomcat Update Details](https://errata.almalinux.org/9/ALSA-2025-3645.html)
2. Python 3.11 Security Update (Low Severity)
- Release Date: April 8, 2025
- Details: This update resolves an issue in the Python HTTP cookies module that could lead to uncontrolled CPU resource consumption (CVE-2024-7592).
- More Information: [Python 3.11 Update Details](https://errata.almalinux.org/9/ALSA-2025-3634.html)
3. Python 3.12 Security Update (Low Severity)
- Release Date: April 8, 2025
- Details: Similar to the update for Python 3.11, this update also addresses the uncontrolled CPU resource consumption vulnerability in the HTTP cookies module (CVE-2024-7592).
- More Information: [Python 3.12 Update Details](https://errata.almalinux.org/9/ALSA-2025-3631.html)
Conclusion
These updates are crucial for maintaining the security and performance of applications running on AlmaLinux. Users are encouraged to review the detailed information provided in the links and apply the updates promptly to mitigate any potential risks. For further assistance or to change notification settings, users can reach out through the AlmaLinux community chat or manage their mailing lists on the AlmaLinux website.Additional Considerations
It is recommended for users and administrators to regularly monitor for updates and security advisories to ensure their systems remain secure. Engaging with the AlmaLinux community can also provide additional insights and support regarding best practices for system management and securityPython and Tomcat updates for AlmaLinux
AlmaLinux has been updated with several security enhancements, featuring a moderate update for Tomcat, as well as low-level updates for Python 3.11 and Python 3.12:
ALSA-2025:3645: tomcat security update (Moderate)
ALSA-2025:3634: python3.11 security update (Low)
ALSA-2025:3631: python3.12 security update (Low)
