- What: Debian has released a security update for tomcat11 addressing multiple CVEs.
- Impact: Tomcat11 users on Debian systems should update to the patched version to mitigate the listed vulnerabilities.
[SECURITY] [DSA 6121-1] tomcat11 security update To : debian-security-announce@lists.debian.org Subject : [SECURITY] [DSA 6121-1] tomcat11 security update From : Markus Koschany < apo@debian.org > Date : Thu, 5 Feb 2026 20:56:17 +0000 Message-id : < [🔎] aYUD8aa_hXZRiL2m@seger.debian.org > Reply-to : debian-security-announce-request@lists.debian.org -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 - ------------------------------------------------------------------------- Debian Security Advisory DSA-6121-1 security@debian.org https://www.debian.org/security/ Markus Koschany February 05, 2026 https://www.debian.org/security/faq - ------------------------------------------------------------------------- Package : tomcat11 CVE ID : CVE-2025-46701 CVE-2025-48976 CVE-2025-48988 CVE-2025-48989 CVE-2025-49125 CVE-2025-52520 CVE-2025-53506 CVE-2025-55668 CVE-2025-55752 CVE-2025-55754 CVE-2025-61795 Debian Bug : 1106821 1108118 1108116 1111096 1108114 1109111 1109113 1111098 Several security vulnerabilities have been found in Tomcat 11, a Java web server and servlet engine. This update improves the handling of HTTP/2 connections and corrects various flaws which can lead to uncontrolled resource consumption and a denial of service. For the stable distribution (trixie), these problems have been fixed in version 11.0.15-1~deb13u1. We recommend that you upgrade your tomcat11 packages. For the detailed security status of tomcat11 please refer to its security tracker page at: https://security-tracker.debian.org/tracker/tomcat11 Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/ Mailing list: debian-security-announce@lists.debian.org -----BEGIN PGP SIGNATURE----- iQKTBAEBCgB9FiEErPPQiO8y7e9qGoNf2a0UuVE7UeQFAmmFA41fFIAAAAAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEFD RjNEMDg4RUYzMkVERUY2QTFBODM1RkQ5QUQxNEI5NTEzQjUxRTQACgkQ2a0UuVE7 UeRE1g//XhN27TXcGPU568iN+3ulUnaTqV3i8lQcaxeAZRXuN+OmG5WXfBzmUEG3 g9lZDHk1WPuDymFDEt3XX5QKTdKv9fxSZTxf8jpaL5iCmjkiZ8tdHSOCG92+jbXr iykISrNIaQJW9zQs6qJYcNru9J4cgC9cnSrlI0PCDJMkDzyrxIUDk8iaM6QfRdPx IVxiPrPeoc/pdzHsKCHnmLuQe6H8N2qXAlktwSh+1AW8iX61vzRnXe4PgUNPNlrl qeBuZIHm2YFuzaVW/29gHsRN0BwC9s2iQraN32DTF2qcChurwinWsNNu8rbW0zGQ ZKAmDf4bRerDoFTA7Qa/qumh7aT71cTNl3RQUfJTtNI5ZMArqExzokpsWmVWLPR6 3uJGT3p3FP8hXGuRa8lC+OmXg7wLAQu7WwImE6520aYq7THkM4HeroY5TE3Guuj/ Bxtc2Z9PiLk2QR+HAyw4uNLYlOnhgPpeCPgXKET1V9JtivnFuOEYW96sUWO2z1KJ N5C3YVBYIouBi0gUj1xW/6VCo108HNOV5EepbvFIJnUDeIJOc9Wgl4DkSoxt8+um iEf+jr82+QP3Qrattou0hIbT/mFRSebRaaBT2kaALbl9gV2Z2jxUwP0Z4pkmcyhP 6jFncD19hjxhpKoteggbnJ+tSWXRBv0S85MCRwwrL7bhxDIE6uI= =46jF -----END PGP SIGNATURE----- Reply to: debian-security-announce@lists.debian.org Markus Koschany (on-list) Markus Koschany (off-list) Prev by Date: [SECURITY] [DSA 6120-1] tomcat10 security update Next by Date: [SECURITY] [DSA 6122-1] chromium security update Previous by thread: [SECURITY] [DSA 6120-1] tomcat10 security update Next by thread: [SECURITY] [DSA 6122-1] chromium security update Index(es): Date Thread