[CLSA-2025:1764580671] pki-servlet-engine: Fix of 2 CVEs
Type: security
Severity: Important
Release date: 2025-12-01 19:08:17 UTC
Description:
- CVE-2024-50379: fix TOCTOU vulnerability in JSP compilation to prevent RCE on case-insensitive file systems
- CVE-2024-38286: fix resource allocation without limits or throttling vulnerability in the TLS handshake process
- Apply skip-common-daemon patch to remove the commons-daemon.jar copy in build.xml, as Alma/RHEL cannot ship bundled JARs and must use the system commons-daemon. The ELS-provided source archive requires this adaptation.
Updated packages:
  • pki-servlet-4.0-api-9.0.50-1.el9.tuxcare.els1.noarch.rpm
    sha:3736c8d1c9e88c5b5d2ca37a4141adced80dba4c2ef3794a0c50c991c8e63662
  • pki-servlet-engine-9.0.50-1.el9.tuxcare.els1.noarch.rpm
    sha:4b23ef49664973caa63eea9675d92bf9e028159a8113281ecfd675aa9b30f62b
Notes:
This page is generated automatically and has not been checked for errors. For clarification or corrections please contact the CloudLinux Packaging Team.