Release date:
2026-07-08 22:26:32 UTC
Description:
- CVE-2026-55957: fix JNDIRealm GSSAPI credential validation bypass by snapshotting
the JNDI environment before bind, removing SECURITY_AUTHENTICATION when set to
GSSAPI, and restoring it in a finally block that also releases user credentials
Updated packages:
-
tomcat-9.0.62-12.el9_2.1.tuxcare.els4.noarch.rpm
sha:b0eaf14f1e21211bf211503bd13265cd7acd8ebb6459c812e3a3bebcea0b1ee5
-
tomcat-admin-webapps-9.0.62-12.el9_2.1.tuxcare.els4.noarch.rpm
sha:82e66437717c60e1674cc4cddaab19eddbdbb1fe81ce7e4bed9e7ec909bb2471
-
tomcat-docs-webapp-9.0.62-12.el9_2.1.tuxcare.els4.noarch.rpm
sha:3bd1de12327d599b212847e41d5b94e56ed713aad9e9a7e64ed596ba05491429
-
tomcat-el-3.0-api-9.0.62-12.el9_2.1.tuxcare.els4.noarch.rpm
sha:bd22a76146dbe8b80d329aede3ea478045e3288f318710d2b0d41f81393b9029
-
tomcat-jsp-2.3-api-9.0.62-12.el9_2.1.tuxcare.els4.noarch.rpm
sha:3becfd6038ec236ba361c345e8ab7fce7b3654f99e9a66dfea3577219108172e
-
tomcat-lib-9.0.62-12.el9_2.1.tuxcare.els4.noarch.rpm
sha:e05ffee89c4012bdcc7e9871fa7382e04dbb4c6f2c48e14095788addf64ccdd6
-
tomcat-servlet-4.0-api-9.0.62-12.el9_2.1.tuxcare.els4.noarch.rpm
sha:d5f6a5be2984a96057cb8c74be23c2e69b01e14be61dcb5758c7ebf3157ca5ce
-
tomcat-webapps-9.0.62-12.el9_2.1.tuxcare.els4.noarch.rpm
sha:e2709b8fd9bdbce223cd7568bd9c64b6b2baa6b9ea16076a047cfa8dbc97c2b8
Notes:
This page is generated automatically and has not been checked for errors. For clarification or
corrections please contact the
CloudLinux Packaging Team.