[ALSA-2026:36788] Important: tomcat security, bug fix, and enhancement update
Type:
security
Severity:
important
Release date:
2026-07-13
Description:
Apache Tomcat is a servlet container for the Java Servlet and JavaServer Pages (JSP) technologies. Security Fix(es): * Apache Tomcat: Apache Tomcat: Information disclosure via Padding Oracle vulnerability in EncryptInterceptor (CVE-2026-29146) * Apache Tomcat: Apache Tomcat: Missing Encryption of Sensitive Data due to EncryptInterceptor bypass (CVE-2026-34486) Bug Fix(es) and Enhancement(s): * Remove tomcat clustering JAR from RPM builds (JIRA:AlmaLinux-168577) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Updated packages listed below:
Architecture Package Checksum
noarch tomcat-jsp-3.1-api-10.1.49-3.el10_2.alma.1.noarch.rpm 1819dbffc1a4bca43680dfb716f9f6bfca480b2c4603395e77e0a419a58fbf40
noarch tomcat-servlet-6.0-api-10.1.49-3.el10_2.alma.1.noarch.rpm 2554b1cd27aae45d566ee543e529a7f8b631976f3dc644dccaa3151198093639
noarch tomcat-el-5.0-api-10.1.49-3.el10_2.alma.1.noarch.rpm 4b09a49a6a830ea70914354fdb2180be3d73be82a0bebb83bdfefc3d3432cb85
noarch tomcat-10.1.49-3.el10_2.alma.1.noarch.rpm 7a52ade066f085dc82c61eb86e4ef336c98d2ac6ba70eff0127686795e779fa3
noarch tomcat-lib-10.1.49-3.el10_2.alma.1.noarch.rpm 8493861578941c0333c0447a8fba9719aa909187e4dfce1eb7ea6f9689eb73f4
noarch tomcat-webapps-10.1.49-3.el10_2.alma.1.noarch.rpm 8545fc47344bf1f124375700093b8bd550c7b5bbd3885316391a2c6901779bf3
noarch tomcat-docs-webapp-10.1.49-3.el10_2.alma.1.noarch.rpm cd529a071ef3d5271bd60e65c7097b158dc762889174cff1d29908a19942df9b
noarch tomcat-admin-webapps-10.1.49-3.el10_2.alma.1.noarch.rpm f1ca32a57c82c415745065d6ad5dee139ea70ca3e4b206c2c5213577fb413f9f
Notes:
This page is generated automatically from Red Hat security data and has not been checked for errors. For clarification or corrections please contact the AlmaLinux Packaging Team.