Release date:
2026-07-06 16:54:25 UTC
Description:
- CVE-2026-55957: don't reuse GSSAPI SASL authentication when validating
user-provided credentials in JNDIRealm, closing an LDAP bind authentication
bypass (upstream tomcat 9.0.102)
- CVE-2026-55956: honour per-method security constraints mapped to "/" so
method omissions on the default servlet are no longer ignored
(upstream tomcat 9.0.119)
Updated packages:
-
tomcat-9.0.87-3.el9_6.3.tuxcare.els9.noarch.rpm
sha:dee29e782f833acb2402cd7c48ad4def5c5c82898c29fb20639e3e3f4b322389
-
tomcat-admin-webapps-9.0.87-3.el9_6.3.tuxcare.els9.noarch.rpm
sha:3e8fd4dd440df1d7ab4595c7105f3aa97f2473fc5a9c8f353e5761665d683db1
-
tomcat-docs-webapp-9.0.87-3.el9_6.3.tuxcare.els9.noarch.rpm
sha:fcad98eeff0833e2cf598405695fc08bcd4806bf0fb0578ebeaa32b5bdeda8b7
-
tomcat-el-3.0-api-9.0.87-3.el9_6.3.tuxcare.els9.noarch.rpm
sha:96fd0e05bf9802a07cca7abc1f2b060262e55a258b745c2e81ae8ba687a2f99c
-
tomcat-jsp-2.3-api-9.0.87-3.el9_6.3.tuxcare.els9.noarch.rpm
sha:21f70848823fcbfab3b6672f05184f764ac7f6eb5a29c46ddf8ca3b9567b605a
-
tomcat-lib-9.0.87-3.el9_6.3.tuxcare.els9.noarch.rpm
sha:b45f157117f2314ef7258f59772d0f3a80596ee93eea4a0721b520d7e7e37bed
-
tomcat-servlet-4.0-api-9.0.87-3.el9_6.3.tuxcare.els9.noarch.rpm
sha:707a79a334eb3689400bfcdd3b000df87c44a9e49cfed84f56bd87bc3bbf352b
-
tomcat-webapps-9.0.87-3.el9_6.3.tuxcare.els9.noarch.rpm
sha:948b2d22e010bea28ed716f0b4b60c951612687ed08beeffa19454b90d943140
Notes:
This page is generated automatically and has not been checked for errors. For clarification or
corrections please contact the
CloudLinux Packaging Team.