[CLSA-2026:1783352184] Fix CVE(s): CVE-2026-55956, CVE-2026-55957
Type:
security
Severity:
Important
Release date:
2026-07-06 15:36:49 UTC
Description:
* SECURITY UPDATE: authentication bypass in JNDIRealm with GSSAPI - debian/patches/CVE-2026-55957.patch: don't reuse GSSAPI SASL auth when validating user credentials in java/org/apache/catalina/realm/JNDIRealm.java - CVE-2026-55957 * SECURITY UPDATE: default servlet security constraint method bypass - debian/patches/CVE-2026-55956.patch: honour per-method constraints mapped to "/" in java/org/apache/catalina/realm/RealmBase.java - CVE-2026-55956
Updated packages:
  • libtomcat8-embed-java_8.5.100-1ubuntu1~18.04.1+tuxcare.els4_all.deb
    sha:dc144d553235525c3212b9171c58a68ea4a3ff43
  • libtomcat8-java_8.5.100-1ubuntu1~18.04.1+tuxcare.els4_all.deb
    sha:fd8da3a1fdbd420f75f1ff85c530646eba5670e9
  • tomcat8_8.5.100-1ubuntu1~18.04.1+tuxcare.els4_all.deb
    sha:7323678303676641e83e71e56f4d1342040a2056
  • tomcat8-admin_8.5.100-1ubuntu1~18.04.1+tuxcare.els4_all.deb
    sha:7f31b4b91c28a0be56a222a071150f1f98452788
  • tomcat8-common_8.5.100-1ubuntu1~18.04.1+tuxcare.els4_all.deb
    sha:586d57885072abc648cef099ca8d22eddefbb300
  • tomcat8-docs_8.5.100-1ubuntu1~18.04.1+tuxcare.els4_all.deb
    sha:cf4610e7b5d602ae0ecfdf599f6e18978051cf76
  • tomcat8-examples_8.5.100-1ubuntu1~18.04.1+tuxcare.els4_all.deb
    sha:154f8bc51039e1e3901e80de536e601ceed7ace9
  • tomcat8-user_8.5.100-1ubuntu1~18.04.1+tuxcare.els4_all.deb
    sha:65e59e2c2f9a6796769aae708b2e19b95116b2bc
Notes:
This page is generated automatically and has not been checked for errors. For clarification or corrections please contact the CloudLinux Packaging Team.