[SECURITY] [DSA 6121-1] tomcat11 security update

To: debian-security-announce@lists.debian.org
Subject: [SECURITY] [DSA 6121-1] tomcat11 security update
From: Markus Koschany <apo@debian.org>
Date: Thu, 5 Feb 2026 20:56:17 +0000
Message-id: <[🔎] aYUD8aa_hXZRiL2m@seger.debian.org>
Reply-to: debian-security-announce-request@lists.debian.org

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian Security Advisory DSA-6121-1                   security@debian.org
https://www.debian.org/security/                          Markus Koschany
February 05, 2026                     https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : tomcat11
CVE ID         : CVE-2025-46701 CVE-2025-48976 CVE-2025-48988 CVE-2025-48989
                 CVE-2025-49125 CVE-2025-52520 CVE-2025-53506 CVE-2025-55668
                 CVE-2025-55752 CVE-2025-55754 CVE-2025-61795
Debian Bug     : 1106821 1108118 1108116 1111096 1108114 1109111 1109113 1111098


Several security vulnerabilities have been found in Tomcat 11, a Java web
server and servlet engine. This update improves the handling of HTTP/2
connections and corrects various flaws which can lead to uncontrolled resource
consumption and a denial of service.

For the stable distribution (trixie), these problems have been fixed in
version 11.0.15-1~deb13u1.

We recommend that you upgrade your tomcat11 packages.

For the detailed security status of tomcat11 please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/tomcat11

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org
-----BEGIN PGP SIGNATURE-----

iQKTBAEBCgB9FiEErPPQiO8y7e9qGoNf2a0UuVE7UeQFAmmFA41fFIAAAAAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEFD
RjNEMDg4RUYzMkVERUY2QTFBODM1RkQ5QUQxNEI5NTEzQjUxRTQACgkQ2a0UuVE7
UeRE1g//XhN27TXcGPU568iN+3ulUnaTqV3i8lQcaxeAZRXuN+OmG5WXfBzmUEG3
g9lZDHk1WPuDymFDEt3XX5QKTdKv9fxSZTxf8jpaL5iCmjkiZ8tdHSOCG92+jbXr
iykISrNIaQJW9zQs6qJYcNru9J4cgC9cnSrlI0PCDJMkDzyrxIUDk8iaM6QfRdPx
IVxiPrPeoc/pdzHsKCHnmLuQe6H8N2qXAlktwSh+1AW8iX61vzRnXe4PgUNPNlrl
qeBuZIHm2YFuzaVW/29gHsRN0BwC9s2iQraN32DTF2qcChurwinWsNNu8rbW0zGQ
ZKAmDf4bRerDoFTA7Qa/qumh7aT71cTNl3RQUfJTtNI5ZMArqExzokpsWmVWLPR6
3uJGT3p3FP8hXGuRa8lC+OmXg7wLAQu7WwImE6520aYq7THkM4HeroY5TE3Guuj/
Bxtc2Z9PiLk2QR+HAyw4uNLYlOnhgPpeCPgXKET1V9JtivnFuOEYW96sUWO2z1KJ
N5C3YVBYIouBi0gUj1xW/6VCo108HNOV5EepbvFIJnUDeIJOc9Wgl4DkSoxt8+um
iEf+jr82+QP3Qrattou0hIbT/mFRSebRaaBT2kaALbl9gV2Z2jxUwP0Z4pkmcyhP
6jFncD19hjxhpKoteggbnJ+tSWXRBv0S85MCRwwrL7bhxDIE6uI=
=46jF
-----END PGP SIGNATURE-----

Reply to:

Prev by Date: [SECURITY] [DSA 6120-1] tomcat10 security update
Next by Date: [SECURITY] [DSA 6122-1] chromium security update
Previous by thread: [SECURITY] [DSA 6120-1] tomcat10 security update
Next by thread: [SECURITY] [DSA 6122-1] chromium security update
Index(es):
- Date
- Thread