[CLSA-2026:1783595407] Fix CVE(s): CVE-2026-55956, CVE-2026-55957
Type:
security
Severity:
Important
Release date:
2026-07-09 11:10:24 UTC
Description:
* SECURITY UPDATE: authentication bypass in JNDIRealm with GSSAPI - debian/patches/CVE-2026-55957.patch: don't reuse GSSAPI SASL auth when validating user credentials in java/org/apache/catalina/realm/JNDIRealm.java - CVE-2026-55957 * SECURITY UPDATE: default servlet security constraint method bypass - debian/patches/CVE-2026-55956.patch: honour per-method constraints mapped to "/" in java/org/apache/catalina/realm/RealmBase.java - CVE-2026-55956
Updated packages:
  • libtomcat9-embed-java_9.0.16-3ubuntu0.18.04.2+tuxcare.els17_all.deb
    sha:0096e7dd858b5d71279c2f8d41c01467dcac3e12
  • libtomcat9-java_9.0.16-3ubuntu0.18.04.2+tuxcare.els17_all.deb
    sha:3859f346f940b9d01cafa3eb49e7311e98e52dff
  • tomcat9_9.0.16-3ubuntu0.18.04.2+tuxcare.els17_all.deb
    sha:5de259e3a216c5e4fc47b68ff7826a756bc9824e
  • tomcat9-admin_9.0.16-3ubuntu0.18.04.2+tuxcare.els17_all.deb
    sha:36758d804571827a876fafbc52684f36ba99966c
  • tomcat9-common_9.0.16-3ubuntu0.18.04.2+tuxcare.els17_all.deb
    sha:cea4e78ecd81ad163b4c1600a27751dd7065fd01
  • tomcat9-docs_9.0.16-3ubuntu0.18.04.2+tuxcare.els17_all.deb
    sha:c0167adc442a2b2034c0f4a8bf53d0b5d1bdf819
  • tomcat9-examples_9.0.16-3ubuntu0.18.04.2+tuxcare.els17_all.deb
    sha:1fc6a0ea1bdd42916a249a0ba0bfa4ee0d1bb08f
  • tomcat9-user_9.0.16-3ubuntu0.18.04.2+tuxcare.els17_all.deb
    sha:137443daba0f0bb0385e3e887af78ad9c97e643e
Notes:
This page is generated automatically and has not been checked for errors. For clarification or corrections please contact the CloudLinux Packaging Team.