[CLSA-2026:1783590563] tomcat: Fix of CVE-2026-55957
Type:
security
Severity:
Important
Release date:
2026-07-09 09:49:39 UTC
Description:
- CVE-2026-55957: enforce credential validation in JNDIRealm.bindAsUser when GSSAPI SASL is configured
CVEs fixed:
Updated packages:
  • tomcat-7.0.76-10.amzn2.0.16.tuxcare.els3.noarch.rpm
    sha:96a3e354e01df0825b45533486398257525b42607947490b7b40922918461638
  • tomcat-admin-webapps-7.0.76-10.amzn2.0.16.tuxcare.els3.noarch.rpm
    sha:cdfd21d87189a43aa5511bc85be97d9094e5526275413fcc1b1b59d6c7338d64
  • tomcat-docs-webapp-7.0.76-10.amzn2.0.16.tuxcare.els3.noarch.rpm
    sha:bf9cca2a0192561f172f2938c1ddfdeff3e235558b6c95aa4efa750787535950
  • tomcat-el-2.2-api-7.0.76-10.amzn2.0.16.tuxcare.els3.noarch.rpm
    sha:ecd125616a5569c471e68ed5eb59075c61f78b6284467da0c586f0350a1af572
  • tomcat-javadoc-7.0.76-10.amzn2.0.16.tuxcare.els3.noarch.rpm
    sha:cae022f7580df057d9a9a25ed058034bd48dbaf993fc7b7400998246ae2df1fd
  • tomcat-jsp-2.2-api-7.0.76-10.amzn2.0.16.tuxcare.els3.noarch.rpm
    sha:65d67af62a93dd20005c92f5622cdf9df32137cb22e8fa730f4a48bd542b2dbe
  • tomcat-jsvc-7.0.76-10.amzn2.0.16.tuxcare.els3.noarch.rpm
    sha:5c746c54af7fbf4b9b9d881a992acd8e955d8ef39d25785d734fed3a9c98828a
  • tomcat-lib-7.0.76-10.amzn2.0.16.tuxcare.els3.noarch.rpm
    sha:1b2f08fa4237511f9a20e361af5be06b07f5bee804a055530f2c6481fcc6c009
  • tomcat-servlet-3.0-api-7.0.76-10.amzn2.0.16.tuxcare.els3.noarch.rpm
    sha:5c775a693aa29f0ed44e739f4c4171e0a4cf12051a44ffdcdfd05c2b6f7f7f97
  • tomcat-webapps-7.0.76-10.amzn2.0.16.tuxcare.els3.noarch.rpm
    sha:39a8acdd2f3bed6e86f5ba20eb85758aa28912517a5df0301923c13eff878fa6
Notes:
This page is generated automatically and has not been checked for errors. For clarification or corrections please contact the CloudLinux Packaging Team.