Release date:
2026-05-21 15:42:09 UTC
Description:
- CVE-2026-43514: fix observable timing discrepancy when comparing AJP secret (Low)
- CVE-2026-43512: fix authentication bypass in DIGEST authentication when password is null (Moderate)
- CVE-2026-43515: fix improper authorization when multiple method constraints apply to the same extension pattern (Moderate)
- CVE-2026-43513: fix LockOutRealm bypass via case-variant usernames against case-insensitive realms (Low)
Updated packages:
-
tomcat-7.0.76-16.el7_9.tuxcare.els4.noarch.rpm
sha:0ea17ff9c32efa1eafc434a78de44d8aab242045f07e0599c40d5e051b8396d1
-
tomcat-admin-webapps-7.0.76-16.el7_9.tuxcare.els4.noarch.rpm
sha:e43c3e2310ac5cb2e94d967a251dc6967ecf79eff3c0ad39cba3b1369fb0048e
-
tomcat-docs-webapp-7.0.76-16.el7_9.tuxcare.els4.noarch.rpm
sha:266c438294df0226a87646dcbb565df6d2672bdcb4dce7c9380640814dc34620
-
tomcat-el-2.2-api-7.0.76-16.el7_9.tuxcare.els4.noarch.rpm
sha:9ee0d3fa72a46d2a4f3c753b3032c380d759e37eb2470e10fca4083d38024b37
-
tomcat-javadoc-7.0.76-16.el7_9.tuxcare.els4.noarch.rpm
sha:8343a5f25de2ab219b6745b683cf921f8ee82adc23d5f3446cd6f9cf4c25ff8e
-
tomcat-jsp-2.2-api-7.0.76-16.el7_9.tuxcare.els4.noarch.rpm
sha:a51de624ed78f0ebae5b3e6d351517f1fa97ef02c66305ac452e607cee09d24e
-
tomcat-jsvc-7.0.76-16.el7_9.tuxcare.els4.noarch.rpm
sha:8557eea0da1c5161c7e8f129d19579b983ff1fc065f1040d73613c6c3c0f6c75
-
tomcat-lib-7.0.76-16.el7_9.tuxcare.els4.noarch.rpm
sha:a158231588128f26db0dd8a4ea1f40fb0a7fc34e3cd22f446d4a281a3fbcfb57
-
tomcat-servlet-3.0-api-7.0.76-16.el7_9.tuxcare.els4.noarch.rpm
sha:199d7dcbe53c8b60d80e96b5feafa1fdbad06ca8f79386c070274517bc87cf29
-
tomcat-webapps-7.0.76-16.el7_9.tuxcare.els4.noarch.rpm
sha:b414c62953ed9b9fbb6f18fba3845e92c84d444bef2ba293b1dc45a679e2f3e6
Notes:
This page is generated automatically and has not been checked for errors. For clarification or
corrections please contact the
CloudLinux Packaging Team.
