Release date: 2026-06-01 10:19:02 UTC
Description:
- CVE-2026-43512: fix the handling of invalid users with DIGEST authentication
- CVE-2026-43513: add case sensitive attribute to LockOutRealm
- CVE-2026-43514: switch AJP secret comparison to a constant time algorithm
- CVE-2026-43515: ensure RealmBase finds all matching extension based constraints
- CVE-2026-41284: add a configurable limit for WebDAV XML request bodies
- CVE-2026-42498: fix WebSocket + proxy + DIGEST auth on proxy
- CVE-2026-41293: HTTP/2 header filtering — validate decoded HPACK names/values
  against RFC 7230 token/field-vchar/field-content rules
Updated packages:
- tomcat-9.0.87-3.el9_6.3.tuxcare.els7.noarch.rpm
sha:1f9fe86879457270ef127c314fbbe27b1ddceebad67abd23a2d5fd72dd39f739
- tomcat-admin-webapps-9.0.87-3.el9_6.3.tuxcare.els7.noarch.rpm
sha:5ff2692e5cdfc139e118c300f84607fe4a55605632b0a572d1fb62b66f141d1a
- tomcat-docs-webapp-9.0.87-3.el9_6.3.tuxcare.els7.noarch.rpm
sha:177c8effa90dbe74426cf13b19e4eb58bcda95e2b5c3034602f9f873939d830c
- tomcat-el-3.0-api-9.0.87-3.el9_6.3.tuxcare.els7.noarch.rpm
sha:b1893dc86895cfea65306b87fe469a511954e59f896a11259642ead50ff09997
- tomcat-jsp-2.3-api-9.0.87-3.el9_6.3.tuxcare.els7.noarch.rpm
sha:ff69dbc4cd4b2fafb0e754bc5a5cb6fbebd17c2899d8ce8bc051a7ac33229ea8
- tomcat-lib-9.0.87-3.el9_6.3.tuxcare.els7.noarch.rpm
sha:b2cc014a6407afdbd80441d2f7c4bb59380821247fb97992479e945b339de7b9
- tomcat-servlet-4.0-api-9.0.87-3.el9_6.3.tuxcare.els7.noarch.rpm
sha:67b90526f221afc41cf7494dc498cd99ef18b904052287c17f3d72bb0516baf1
- tomcat-webapps-9.0.87-3.el9_6.3.tuxcare.els7.noarch.rpm
sha:070b9aa62ea2595a93f622d6d069d53abc29fff8c0df502f43f6074c302a5057
Notes:
This page is generated automatically and has not been checked for errors. For clarification or corrections, please contact the CloudLinux Packaging Team.