Release date:
2026-07-08 15:55:53 UTC
Description:
* SECURITY UPDATE: fix the handling of invalid users with DIGEST
authentication
- debian/patches/CVE-2026-43512.patch: short-cut the null password case
in RealmBase.getDigest()
- CVE-2026-43512
* SECURITY UPDATE: account lockout bypass via username case variation
- debian/patches/CVE-2026-43513.patch: add case sensitive attribute to
LockOutRealm and normalise usernames before tracking failures
- CVE-2026-43513
* SECURITY UPDATE: authorization bypass with extension-based method
constraints
- debian/patches/CVE-2026-43515.patch: ensure RealmBase finds all
matching extension based constraints
- CVE-2026-43515
Updated packages:
-
libservlet3.1-java_8.0.32-1ubuntu1.13+tuxcare.els2_all.deb
sha:caadde8715a839c30dcfecd8afdcc6f281cd761c
-
libservlet3.1-java-doc_8.0.32-1ubuntu1.13+tuxcare.els2_all.deb
sha:50fd66ab18a7a6247f54d34eb856d4efa7e9eed3
-
libtomcat8-java_8.0.32-1ubuntu1.13+tuxcare.els2_all.deb
sha:d767935f6f0b6c8688e0824c2ee70ea91655fdbe
-
tomcat8_8.0.32-1ubuntu1.13+tuxcare.els2_all.deb
sha:df7a11af8d3e32fc8bb8e4f91d5172a3af598825
-
tomcat8-admin_8.0.32-1ubuntu1.13+tuxcare.els2_all.deb
sha:4003dab32be1119909fac2585ec8aba1db8e0640
-
tomcat8-common_8.0.32-1ubuntu1.13+tuxcare.els2_all.deb
sha:4fbc41d5f3be77a3d8931137538b410a8464c569
-
tomcat8-docs_8.0.32-1ubuntu1.13+tuxcare.els2_all.deb
sha:cdedb4614ac32a90df8c8fd437f186a724737cf7
-
tomcat8-examples_8.0.32-1ubuntu1.13+tuxcare.els2_all.deb
sha:cbbb641c41133395e56d32eb6618acb677636e96
-
tomcat8-user_8.0.32-1ubuntu1.13+tuxcare.els2_all.deb
sha:5769dfb290d662cf471cadecf9271e4ed0163875
Notes:
This page is generated automatically and has not been checked for errors. For clarification or
corrections please contact the
CloudLinux Packaging Team.