[CLSA-2026:1783686686] Fix CVE(s): CVE-2026-55956, CVE-2026-55957
Type:
security
Severity:
Important
Release date:
2026-07-10 12:49:52 UTC
Description:
* SECURITY UPDATE: authentication bypass in JNDIRealm with GSSAPI - debian/patches/CVE-2026-55957.patch: don't reuse GSSAPI SASL auth when validating user credentials in java/org/apache/catalina/realm/JNDIRealm.java - CVE-2026-55957 * SECURITY UPDATE: default servlet security constraint method bypass - debian/patches/CVE-2026-55956.patch: honour per-method constraints mapped to "/" in java/org/apache/catalina/realm/RealmBase.java - CVE-2026-55956
Updated packages:
  • libservlet3.0-java_7.0.68-1ubuntu0.4+tuxcare.els9_all.deb
    sha:8c8f77316784d37200b7f50e66eb7624f976ef56
  • libservlet3.0-java-doc_7.0.68-1ubuntu0.4+tuxcare.els9_all.deb
    sha:8eee76f9fdb683bb7486f37d31b3666a41209d8c
  • libtomcat7-java_7.0.68-1ubuntu0.4+tuxcare.els9_all.deb
    sha:1876ebc30338f99a2a9a83bfe4411d307e25d57b
  • tomcat7_7.0.68-1ubuntu0.4+tuxcare.els9_all.deb
    sha:2463407d29cd7e3f760e5b2de5e93b3e1db0182d
  • tomcat7-admin_7.0.68-1ubuntu0.4+tuxcare.els9_all.deb
    sha:2f54c3e1c9e8d72da4658becdf7ff2a944f3f585
  • tomcat7-common_7.0.68-1ubuntu0.4+tuxcare.els9_all.deb
    sha:f7a47d73c1a2ba012bf588702a0634191d435b32
  • tomcat7-docs_7.0.68-1ubuntu0.4+tuxcare.els9_all.deb
    sha:b54359712eef2d65e1bfc2804f032195efec461f
  • tomcat7-examples_7.0.68-1ubuntu0.4+tuxcare.els9_all.deb
    sha:399e99d66665d9e285e831f72ad08afffd0ce9cf
  • tomcat7-user_7.0.68-1ubuntu0.4+tuxcare.els9_all.deb
    sha:d9e646509ce4fafae9b0df9ab5251c387164bc03
Notes:
This page is generated automatically and has not been checked for errors. For clarification or corrections please contact the CloudLinux Packaging Team.