[CLSA-2026:1779893247] Fix of 5 CVEs
Type:
security
Severity:
Low
Release date:
2026-05-27 14:47:32 UTC
Description:
* SECURITY UPDATE: add case sensitive attribute to LockOutRealm - debian/patches/CVE-2026-43513.patch: add case sensitive attribute to LockOutRealm - CVE-2026-43513 * SECURITY UPDATE: fix the handling of invalid users with DIGEST authentication - debian/patches/CVE-2026-43512.patch: fix the handling of invalid users with DIGEST authentication - CVE-2026-43512 * SECURITY UPDATE: switch AJP secret comparison to a constant time algorithm - debian/patches/CVE-2026-43514.patch: switch AJP secret comparison to a constant time algorithm - CVE-2026-43514 * SECURITY UPDATE: ensure RealmBase finds all matching extension based constraints - debian/patches/CVE-2026-43515.patch: ensure RealmBase finds all matching extension based constraints - CVE-2026-43515 * SECURITY UPDATE: add a configurable limit for WebDAV XML request bodies - debian/patches/CVE-2026-41284.patch: add a configurable limit for WebDAV XML request bodies - CVE-2026-41284
Updated packages:
  • libservlet3.0-java_7.0.68-1ubuntu0.4+tuxcare.els8_all.deb
    sha:48b75ea62b5814c533365c808dff9aa3d7c74b3f
  • libservlet3.0-java-doc_7.0.68-1ubuntu0.4+tuxcare.els8_all.deb
    sha:dfb04177fa99a742de9efc77cb53fd5a11fc48da
  • libtomcat7-java_7.0.68-1ubuntu0.4+tuxcare.els8_all.deb
    sha:21e4155209f84f48d4c4c49aa8461fad6dbe835d
  • tomcat7_7.0.68-1ubuntu0.4+tuxcare.els8_all.deb
    sha:911b350ddf9c6bfda09be12a212e84fc69730f2a
  • tomcat7-admin_7.0.68-1ubuntu0.4+tuxcare.els8_all.deb
    sha:e2d4b83bfaf472b07e258ad54ea72c8b737dd84b
  • tomcat7-common_7.0.68-1ubuntu0.4+tuxcare.els8_all.deb
    sha:def0f5151ae3148140930188281fe77f900fb3ad
  • tomcat7-docs_7.0.68-1ubuntu0.4+tuxcare.els8_all.deb
    sha:e8843c822024c76aa91862088190f3bc4633f874
  • tomcat7-examples_7.0.68-1ubuntu0.4+tuxcare.els8_all.deb
    sha:5fca0e5917feb635e79636261f629de6652b305c
  • tomcat7-user_7.0.68-1ubuntu0.4+tuxcare.els8_all.deb
    sha:86ff8f18b777c3cdae4e1d773de9c618201ed49e
Notes:
This page is generated automatically and has not been checked for errors. For clarification or corrections please contact the CloudLinux Packaging Team.