Bug#1053820: libtomcat9-java: ERR_HTTP2_PROTOCOL_ERROR in browsers after upgrade 9.0.43-2~deb11u7 over u6

Sam Lander sam.lander at gmail.com
Thu Oct 12 00:43:42 BST 2023


Package: libtomcat9-java
Version: 9.0.43-2~deb11u7
Severity: important
X-Debbugs-Cc: sam.lander at gmail.com

Dear Maintainer,

I let unattended-upgrades handle the HTTP2 vulnerability.
It installed thusly:

> Log started: 2023-10-12  06:34:35
> (Reading database <snip...>
> Preparing to unpack .../libtomcat9-java_9.0.43-2~deb11u7_all.deb ...
> Unpacking libtomcat9-java (9.0.43-2~deb11u7) over (9.0.43-2~deb11u6) ...
> Preparing to unpack .../tomcat9-common_9.0.43-2~deb11u7_all.deb ...
> Unpacking tomcat9-common (9.0.43-2~deb11u7) over (9.0.43-2~deb11u6) ...
> Preparing to unpack .../tomcat9_9.0.43-2~deb11u7_all.deb ...
> Unpacking tomcat9 (9.0.43-2~deb11u7) over (9.0.43-2~deb11u6) ...
> Setting up libtomcat9-java (9.0.43-2~deb11u7) ...
> Setting up tomcat9-common (9.0.43-2~deb11u7) ...
> Setting up tomcat9 (9.0.43-2~deb11u7) ...
> Processing triggers for rsyslog (8.2102.0-2+deb11u1) ...
> 
> Pending kernel upgrade!
> 
> Running kernel version:
>  5.10.0-19-amd64
> 
> Diagnostics:
>   The currently running kernel version is not the expected kernel version 5.10.0-26-amd64.

I did not reboot, and all clients (Firefox, Safari, Chrome) reported
similar errors. No certificate available, security problem and
ERR_HTTP2_PROTOCOL_ERROR.

A reboot to enable the new kernel produced the same results.

I have commented out HTTP2 and restarted Tomcat9, and the error is gone
(but so is HTTP2):
>     <Connector port="443" protocol="org.apache.coyote.http11.Http11AprProtocol"
>                maxThreads="150" SSLEnabled="true" >
>             <!-- sam 20231012 <UpgradeProtocol className="org.apache.coyote.http2.Http2Protocol" /> -->
>         <SSLHostConfig>
>                 <Certificate certificateKeyFile="/etc/letsencrypt/live/puppy.ccoz.org.au/privkey.pem"
>                         certificateFile="/etc/letsencrypt/live/xxxxxxxxxxxxxxxxx/cert.pem"
>                         certificateChainFile="/etc/letsencrypt/live/xxxxxxxxxxxxxxxxx/chain.pem"
>                         type="RSA" />
>         </SSLHostConfig>
>     </Connector>


-- System Information:
root at xxxxx
OS: Debian GNU/Linux 11 (bullseye) x86_64
Host: HVM domU 4.7
Kernel: 5.10.0-26-amd64
Uptime: 1 hour, 43 mins
Packages: 799 (dpkg)
Shell: bash 5.1.4
Resolution: 1024x768
CPU: AMD Opteron 4170 HE (4) @ 2.100GHz
GPU: 00:02.0 Cirrus Logic GD 5446
Memory: 1349MiB / 7938MiB



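Added example, not part of the original report: a Python check that reads a Tomcat server.xml and reports, for each Connector, whether the HTTP/2 UpgradeProtocol element is active, commented out (the workaround described in the report) or absent. The sample XML, its ports and the function names are constructed for illustration.

```python
import xml.etree.ElementTree as ET

HTTP2_CLASS = "org.apache.coyote.http2.Http2Protocol"

# Constructed sample (not the reporter's file); ports are placeholders.
SAMPLE_SERVER_XML = """\
<Server>
  <Service name="Catalina">
    <Connector port="8443" protocol="org.apache.coyote.http11.Http11NioProtocol"
               SSLEnabled="true">
      <UpgradeProtocol className="org.apache.coyote.http2.Http2Protocol" />
    </Connector>
    <Connector port="443" protocol="org.apache.coyote.http11.Http11AprProtocol"
               maxThreads="150" SSLEnabled="true">
      <!-- off <UpgradeProtocol className="org.apache.coyote.http2.Http2Protocol" /> -->
    </Connector>
    <Connector port="8080" protocol="HTTP/1.1" />
  </Service>
</Server>
"""


def http2_state(connector):
    """Return 'enabled', 'commented-out' or 'absent' for one <Connector>."""
    state = "absent"
    for node in connector.iter():
        if node.tag == "UpgradeProtocol" and node.get("className") == HTTP2_CLASS:
            return "enabled"
        # Comments are kept in the tree (see parser below), so a disabled
        # element is still visible as text inside a Comment node.
        if node.tag is ET.Comment and HTTP2_CLASS in (node.text or ""):
            state = "commented-out"
    return state


def audit_connectors(xml_text):
    """List (port, protocol, http2_state) for every Connector in server.xml."""
    # The default parser drops comments; insert_comments=True (Python 3.8+) keeps them.
    parser = ET.XMLParser(target=ET.TreeBuilder(insert_comments=True))
    root = ET.fromstring(xml_text, parser=parser)
    return [(c.get("port"), c.get("protocol"), http2_state(c))
            for c in root.iter("Connector")]


if __name__ == "__main__":
    for port, protocol, state in audit_connectors(SAMPLE_SERVER_XML):
        print(f"port {port:>5}  HTTP/2 {state:<13}  {protocol}")
```

Run against the real file by passing its contents to `audit_connectors`; a Connector reported as "commented-out" is one where the workaround is in place and HTTP/2 should be re-enabled once a fixed package is installed.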