[CLSA-2026:1783351984] Fix CVE(s): CVE-2026-55956, CVE-2026-55957
Type:
security
Severity:
Important
Release date:
2026-07-06 15:33:21 UTC
Description:
* SECURITY UPDATE: authentication bypass in JNDIRealm with GSSAPI - debian/patches/CVE-2026-55957.patch: don't reuse GSSAPI SASL auth when validating user credentials in java/org/apache/catalina/realm/JNDIRealm.java - CVE-2026-55957 * SECURITY UPDATE: default servlet security constraint method bypass - debian/patches/CVE-2026-55956.patch: honour per-method constraints mapped to "/" in java/org/apache/catalina/realm/RealmBase.java - CVE-2026-55956
Updated packages:
  • libservlet3.1-java_8.0.32-1ubuntu1.13+tuxcare.els3_all.deb
    sha:4f98e076b7c26c1347d05b6409e96476622d54f0
  • libservlet3.1-java-doc_8.0.32-1ubuntu1.13+tuxcare.els3_all.deb
    sha:078ae59c7f6b579f0b36eef93a5163e8abb2ef91
  • libtomcat8-java_8.0.32-1ubuntu1.13+tuxcare.els3_all.deb
    sha:524d1b2ef94dcf7ae0cf2edbc4096beaceab2276
  • tomcat8_8.0.32-1ubuntu1.13+tuxcare.els3_all.deb
    sha:457c2f58d7b88af87b7fd206baaf23eeaa868f37
  • tomcat8-admin_8.0.32-1ubuntu1.13+tuxcare.els3_all.deb
    sha:6ac23a095ac6086e76835f176e6f89e1bf49bbd6
  • tomcat8-common_8.0.32-1ubuntu1.13+tuxcare.els3_all.deb
    sha:9d4044b4cf540db124c5f2108644fad22c5cc6e6
  • tomcat8-docs_8.0.32-1ubuntu1.13+tuxcare.els3_all.deb
    sha:ed54dd57603661c0978faeab6902ee73550d405a
  • tomcat8-examples_8.0.32-1ubuntu1.13+tuxcare.els3_all.deb
    sha:b2767e923085ea1102ac4ece774ef67902508973
  • tomcat8-user_8.0.32-1ubuntu1.13+tuxcare.els3_all.deb
    sha:82a112f818afb6afe7068eea55fd4a7f6857e326
Notes:
This page is generated automatically and has not been checked for errors. For clarification or corrections please contact the CloudLinux Packaging Team.