Release date:
2026-07-09 11:10:24 UTC
Description:
* SECURITY UPDATE: authentication bypass in JNDIRealm with GSSAPI
- debian/patches/CVE-2026-55957.patch: don't reuse GSSAPI SASL auth when
validating user credentials in java/org/apache/catalina/realm/JNDIRealm.java
- CVE-2026-55957
* SECURITY UPDATE: default servlet security constraint method bypass
- debian/patches/CVE-2026-55956.patch: honour per-method constraints mapped
to "/" in java/org/apache/catalina/realm/RealmBase.java
- CVE-2026-55956
Updated packages:
-
libtomcat9-embed-java_9.0.16-3ubuntu0.18.04.2+tuxcare.els17_all.deb
sha:0096e7dd858b5d71279c2f8d41c01467dcac3e12
-
libtomcat9-java_9.0.16-3ubuntu0.18.04.2+tuxcare.els17_all.deb
sha:3859f346f940b9d01cafa3eb49e7311e98e52dff
-
tomcat9_9.0.16-3ubuntu0.18.04.2+tuxcare.els17_all.deb
sha:5de259e3a216c5e4fc47b68ff7826a756bc9824e
-
tomcat9-admin_9.0.16-3ubuntu0.18.04.2+tuxcare.els17_all.deb
sha:36758d804571827a876fafbc52684f36ba99966c
-
tomcat9-common_9.0.16-3ubuntu0.18.04.2+tuxcare.els17_all.deb
sha:cea4e78ecd81ad163b4c1600a27751dd7065fd01
-
tomcat9-docs_9.0.16-3ubuntu0.18.04.2+tuxcare.els17_all.deb
sha:c0167adc442a2b2034c0f4a8bf53d0b5d1bdf819
-
tomcat9-examples_9.0.16-3ubuntu0.18.04.2+tuxcare.els17_all.deb
sha:1fc6a0ea1bdd42916a249a0ba0bfa4ee0d1bb08f
-
tomcat9-user_9.0.16-3ubuntu0.18.04.2+tuxcare.els17_all.deb
sha:137443daba0f0bb0385e3e887af78ad9c97e643e
Notes:
This page is generated automatically and has not been checked for errors. For clarification or
corrections please contact the
CloudLinux Packaging Team.