[CLSA-2026:1782900813] Fix CVE(s): CVE-2026-43512, CVE-2026-43513, CVE-2026-43515
Type:
security
Severity:
Moderate
Release date:
2026-07-08 15:55:53 UTC
Description:
* SECURITY UPDATE: fix the handling of invalid users with DIGEST authentication - debian/patches/CVE-2026-43512.patch: short-cut the null password case in RealmBase.getDigest() - CVE-2026-43512 * SECURITY UPDATE: account lockout bypass via username case variation - debian/patches/CVE-2026-43513.patch: add case sensitive attribute to LockOutRealm and normalise usernames before tracking failures - CVE-2026-43513 * SECURITY UPDATE: authorization bypass with extension-based method constraints - debian/patches/CVE-2026-43515.patch: ensure RealmBase finds all matching extension based constraints - CVE-2026-43515
Updated packages:
  • libservlet3.1-java_8.0.32-1ubuntu1.13+tuxcare.els2_all.deb
    sha:caadde8715a839c30dcfecd8afdcc6f281cd761c
  • libservlet3.1-java-doc_8.0.32-1ubuntu1.13+tuxcare.els2_all.deb
    sha:50fd66ab18a7a6247f54d34eb856d4efa7e9eed3
  • libtomcat8-java_8.0.32-1ubuntu1.13+tuxcare.els2_all.deb
    sha:d767935f6f0b6c8688e0824c2ee70ea91655fdbe
  • tomcat8_8.0.32-1ubuntu1.13+tuxcare.els2_all.deb
    sha:df7a11af8d3e32fc8bb8e4f91d5172a3af598825
  • tomcat8-admin_8.0.32-1ubuntu1.13+tuxcare.els2_all.deb
    sha:4003dab32be1119909fac2585ec8aba1db8e0640
  • tomcat8-common_8.0.32-1ubuntu1.13+tuxcare.els2_all.deb
    sha:4fbc41d5f3be77a3d8931137538b410a8464c569
  • tomcat8-docs_8.0.32-1ubuntu1.13+tuxcare.els2_all.deb
    sha:cdedb4614ac32a90df8c8fd437f186a724737cf7
  • tomcat8-examples_8.0.32-1ubuntu1.13+tuxcare.els2_all.deb
    sha:cbbb641c41133395e56d32eb6618acb677636e96
  • tomcat8-user_8.0.32-1ubuntu1.13+tuxcare.els2_all.deb
    sha:5769dfb290d662cf471cadecf9271e4ed0163875
Notes:
This page is generated automatically and has not been checked for errors. For clarification or corrections please contact the CloudLinux Packaging Team.