Release date:
2026-07-06 15:36:49 UTC
Description:
* SECURITY UPDATE: authentication bypass in JNDIRealm with GSSAPI
- debian/patches/CVE-2026-55957.patch: don't reuse GSSAPI SASL auth when
validating user credentials in java/org/apache/catalina/realm/JNDIRealm.java
- CVE-2026-55957
* SECURITY UPDATE: default servlet security constraint method bypass
- debian/patches/CVE-2026-55956.patch: honour per-method constraints mapped
to "/" in java/org/apache/catalina/realm/RealmBase.java
- CVE-2026-55956
Updated packages:
-
libtomcat8-embed-java_8.5.100-1ubuntu1~18.04.1+tuxcare.els4_all.deb
sha:dc144d553235525c3212b9171c58a68ea4a3ff43
-
libtomcat8-java_8.5.100-1ubuntu1~18.04.1+tuxcare.els4_all.deb
sha:fd8da3a1fdbd420f75f1ff85c530646eba5670e9
-
tomcat8_8.5.100-1ubuntu1~18.04.1+tuxcare.els4_all.deb
sha:7323678303676641e83e71e56f4d1342040a2056
-
tomcat8-admin_8.5.100-1ubuntu1~18.04.1+tuxcare.els4_all.deb
sha:7f31b4b91c28a0be56a222a071150f1f98452788
-
tomcat8-common_8.5.100-1ubuntu1~18.04.1+tuxcare.els4_all.deb
sha:586d57885072abc648cef099ca8d22eddefbb300
-
tomcat8-docs_8.5.100-1ubuntu1~18.04.1+tuxcare.els4_all.deb
sha:cf4610e7b5d602ae0ecfdf599f6e18978051cf76
-
tomcat8-examples_8.5.100-1ubuntu1~18.04.1+tuxcare.els4_all.deb
sha:154f8bc51039e1e3901e80de536e601ceed7ace9
-
tomcat8-user_8.5.100-1ubuntu1~18.04.1+tuxcare.els4_all.deb
sha:65e59e2c2f9a6796769aae708b2e19b95116b2bc
Notes:
This page is generated automatically and has not been checked for errors. For clarification or
corrections please contact the
CloudLinux Packaging Team.