========================================================================== Ubuntu Security Notice USN-7525-1 May 21, 2025 Tomcat vulnerability ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 24.04 LTS - Ubuntu 22.04 LTS - Ubuntu 20.04 LTS - Ubuntu 18.04 LTS Summary: Tomcat could expose sensitive files or run programs if it received specially crafted network traffic. Software Description: - tomcat10: Apache Tomcat 10 - Servlet and JSP engine - tomcat9: Apache Tomcat 9 - Servlet and JSP engine Details: It was discovered that Apache Tomcat incorrectly implemented partial PUT functionality by replacing path separators with dots in temporary files. A remote attacker could possibly use this issue to access sensitive files, inject malicious content, or execute remote code. Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 24.04 LTS   libtomcat10-java                10.1.16-1ubuntu0.1~esm1                                   Available with Ubuntu Pro   tomcat10                        10.1.16-1ubuntu0.1~esm1                                   Available with Ubuntu Pro Ubuntu 22.04 LTS   libtomcat9-java                 9.0.58-1ubuntu0.2+esm2                                   Available with Ubuntu Pro   tomcat9                         9.0.58-1ubuntu0.2+esm2                                   Available with Ubuntu Pro Ubuntu 20.04 LTS   libtomcat9-java                 9.0.31-1ubuntu0.9+esm1                                   Available with Ubuntu Pro   tomcat9                         9.0.31-1ubuntu0.9+esm1                                   Available with Ubuntu Pro Ubuntu 18.04 LTS   libtomcat9-java                 9.0.16-3ubuntu0.18.04.2+esm6                                   Available with Ubuntu Pro   tomcat9                         9.0.16-3ubuntu0.18.04.2+esm6                                   Available with Ubuntu Pro In general, a standard system update will make all the necessary changes. References:   https://ubuntu.com/security/notices/USN-7525-1   CVE-2025-24813