Release date:
2026-07-10 12:49:52 UTC
Description:
* SECURITY UPDATE: authentication bypass in JNDIRealm with GSSAPI
- debian/patches/CVE-2026-55957.patch: don't reuse GSSAPI SASL auth when
validating user credentials in java/org/apache/catalina/realm/JNDIRealm.java
- CVE-2026-55957
* SECURITY UPDATE: default servlet security constraint method bypass
- debian/patches/CVE-2026-55956.patch: honour per-method constraints mapped
to "/" in java/org/apache/catalina/realm/RealmBase.java
- CVE-2026-55956
Updated packages:
-
libservlet3.0-java_7.0.68-1ubuntu0.4+tuxcare.els9_all.deb
sha:8c8f77316784d37200b7f50e66eb7624f976ef56
-
libservlet3.0-java-doc_7.0.68-1ubuntu0.4+tuxcare.els9_all.deb
sha:8eee76f9fdb683bb7486f37d31b3666a41209d8c
-
libtomcat7-java_7.0.68-1ubuntu0.4+tuxcare.els9_all.deb
sha:1876ebc30338f99a2a9a83bfe4411d307e25d57b
-
tomcat7_7.0.68-1ubuntu0.4+tuxcare.els9_all.deb
sha:2463407d29cd7e3f760e5b2de5e93b3e1db0182d
-
tomcat7-admin_7.0.68-1ubuntu0.4+tuxcare.els9_all.deb
sha:2f54c3e1c9e8d72da4658becdf7ff2a944f3f585
-
tomcat7-common_7.0.68-1ubuntu0.4+tuxcare.els9_all.deb
sha:f7a47d73c1a2ba012bf588702a0634191d435b32
-
tomcat7-docs_7.0.68-1ubuntu0.4+tuxcare.els9_all.deb
sha:b54359712eef2d65e1bfc2804f032195efec461f
-
tomcat7-examples_7.0.68-1ubuntu0.4+tuxcare.els9_all.deb
sha:399e99d66665d9e285e831f72ad08afffd0ce9cf
-
tomcat7-user_7.0.68-1ubuntu0.4+tuxcare.els9_all.deb
sha:d9e646509ce4fafae9b0df9ab5251c387164bc03
Notes:
This page is generated automatically and has not been checked for errors. For clarification or
corrections please contact the
CloudLinux Packaging Team.