Amazon Linux 2 Security Advisory: ALASTOMCAT9-2023-006
Advisory Release Date: 2023-08-21 20:58 Pacific
Advisory Updated Date: 2023-09-25 21:57 Pacific
A memory leak flaw was found in Apache Tomcat, where an HTTP upgrade connection is not released for WebSocket connections once the WebSocket connection is closed. If a sufficient number of such requests are made, an OutOfMemoryError occurs, leading to a denial of service. The highest threat from this vulnerability is to system availability. (CVE-2021-42340)
Affected Packages:
tomcat
Issue Correction:
Run yum update tomcat to update your system.
noarch:
tomcat-9.0.54-1.amzn2.0.1.noarch
tomcat-admin-webapps-9.0.54-1.amzn2.0.1.noarch
tomcat-docs-webapp-9.0.54-1.amzn2.0.1.noarch
tomcat-jsvc-9.0.54-1.amzn2.0.1.noarch
tomcat-jsp-2.3-api-9.0.54-1.amzn2.0.1.noarch
tomcat-lib-9.0.54-1.amzn2.0.1.noarch
tomcat-servlet-4.0-api-9.0.54-1.amzn2.0.1.noarch
tomcat-el-3.0-api-9.0.54-1.amzn2.0.1.noarch
tomcat-webapps-9.0.54-1.amzn2.0.1.noarch
src:
tomcat-9.0.54-1.amzn2.0.1.src
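
One way to confirm that every installed tomcat subpackage is at or above the fixed build listed above, as an added example that is not part of the advisory. The function names and the sample inventory are constructed for illustration, and GNU `sort -V` is assumed as a stand-in for rpm's own version comparison (epochs are not handled).

```shell
#!/bin/sh
# Added example: flag tomcat packages older than the build that fixes CVE-2021-42340.
FIXED="9.0.54-1.amzn2.0.1"   # version-release taken from the package list above

# is_fixed VERSION-RELEASE: succeeds when the argument is >= FIXED.
# Assumption: `sort -V` ordering matches rpm ordering for these dotted numeric strings.
is_fixed() {
    lowest=$(printf '%s\n%s\n' "$1" "$FIXED" | sort -V | head -n 1)
    [ "$lowest" = "$FIXED" ]
}

# audit: reads "name version-release" lines on stdin, prints each tomcat
# package still below FIXED, and returns 1 if any were found.
# On a real host feed it with:
#   rpm -qa --qf '%{NAME} %{VERSION}-%{RELEASE}\n' 'tomcat*' | audit
audit() {
    rc=0
    while read -r name vr; do
        # Only the tomcat package family is covered by this advisory.
        case "$name" in tomcat|tomcat-*) ;; *) continue ;; esac
        if ! is_fixed "$vr"; then
            echo "VULNERABLE $name $vr (< $FIXED)"
            rc=1
        fi
    done
    return $rc
}

# Constructed inventory: a partial update left tomcat-lib on an older build.
sample_inventory() {
    cat <<'EOF'
tomcat 9.0.54-1.amzn2.0.1
tomcat-lib 9.0.52-1.amzn2.0.1
tomcat-el-3.0-api 9.0.54-1.amzn2.0.1
openssl 1.0.2k-24.amzn2.0.7
EOF
}

# Demo run on the constructed inventory; audit's nonzero status is expected here.
sample_inventory | audit || true
```

A running Tomcat keeps the old classes loaded until it is restarted, so restart the service after updating before treating a clean audit as remediation.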