Release date:
2026-07-06 15:33:21 UTC
Description:
* SECURITY UPDATE: authentication bypass in JNDIRealm with GSSAPI
- debian/patches/CVE-2026-55957.patch: don't reuse GSSAPI SASL auth when
validating user credentials in java/org/apache/catalina/realm/JNDIRealm.java
- CVE-2026-55957
* SECURITY UPDATE: default servlet security constraint method bypass
- debian/patches/CVE-2026-55956.patch: honour per-method constraints mapped
to "/" in java/org/apache/catalina/realm/RealmBase.java
- CVE-2026-55956
Updated packages:
-
libservlet3.1-java_8.0.32-1ubuntu1.13+tuxcare.els3_all.deb
sha:4f98e076b7c26c1347d05b6409e96476622d54f0
-
libservlet3.1-java-doc_8.0.32-1ubuntu1.13+tuxcare.els3_all.deb
sha:078ae59c7f6b579f0b36eef93a5163e8abb2ef91
-
libtomcat8-java_8.0.32-1ubuntu1.13+tuxcare.els3_all.deb
sha:524d1b2ef94dcf7ae0cf2edbc4096beaceab2276
-
tomcat8_8.0.32-1ubuntu1.13+tuxcare.els3_all.deb
sha:457c2f58d7b88af87b7fd206baaf23eeaa868f37
-
tomcat8-admin_8.0.32-1ubuntu1.13+tuxcare.els3_all.deb
sha:6ac23a095ac6086e76835f176e6f89e1bf49bbd6
-
tomcat8-common_8.0.32-1ubuntu1.13+tuxcare.els3_all.deb
sha:9d4044b4cf540db124c5f2108644fad22c5cc6e6
-
tomcat8-docs_8.0.32-1ubuntu1.13+tuxcare.els3_all.deb
sha:ed54dd57603661c0978faeab6902ee73550d405a
-
tomcat8-examples_8.0.32-1ubuntu1.13+tuxcare.els3_all.deb
sha:b2767e923085ea1102ac4ece774ef67902508973
-
tomcat8-user_8.0.32-1ubuntu1.13+tuxcare.els3_all.deb
sha:82a112f818afb6afe7068eea55fd4a7f6857e326
Notes:
This page is generated automatically and has not been checked for errors. For clarification or
corrections please contact the
CloudLinux Packaging Team.