Description:
Apache Tomcat is a servlet container for the Java Servlet and JavaServer Pages (JSP) technologies.
Security Fix(es):
* Apache Tomcat: Apache Tomcat: Information disclosure via Padding Oracle vulnerability in EncryptInterceptor (CVE-2026-29146)
* Apache Tomcat: Apache Tomcat: Missing Encryption of Sensitive Data due to EncryptInterceptor bypass (CVE-2026-34486)
Bug Fix(es) and Enhancement(s):
* Remove tomcat clustering JAR from RPM builds (JIRA:AlmaLinux-168577)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Updated packages listed below:
| Architecture |
Package |
Checksum |
| noarch |
tomcat-jsp-3.1-api-10.1.49-3.el10_2.alma.1.noarch.rpm |
1819dbffc1a4bca43680dfb716f9f6bfca480b2c4603395e77e0a419a58fbf40 |
| noarch |
tomcat-servlet-6.0-api-10.1.49-3.el10_2.alma.1.noarch.rpm |
2554b1cd27aae45d566ee543e529a7f8b631976f3dc644dccaa3151198093639 |
| noarch |
tomcat-el-5.0-api-10.1.49-3.el10_2.alma.1.noarch.rpm |
4b09a49a6a830ea70914354fdb2180be3d73be82a0bebb83bdfefc3d3432cb85 |
| noarch |
tomcat-10.1.49-3.el10_2.alma.1.noarch.rpm |
7a52ade066f085dc82c61eb86e4ef336c98d2ac6ba70eff0127686795e779fa3 |
| noarch |
tomcat-lib-10.1.49-3.el10_2.alma.1.noarch.rpm |
8493861578941c0333c0447a8fba9719aa909187e4dfce1eb7ea6f9689eb73f4 |
| noarch |
tomcat-webapps-10.1.49-3.el10_2.alma.1.noarch.rpm |
8545fc47344bf1f124375700093b8bd550c7b5bbd3885316391a2c6901779bf3 |
| noarch |
tomcat-docs-webapp-10.1.49-3.el10_2.alma.1.noarch.rpm |
cd529a071ef3d5271bd60e65c7097b158dc762889174cff1d29908a19942df9b |
| noarch |
tomcat-admin-webapps-10.1.49-3.el10_2.alma.1.noarch.rpm |
f1ca32a57c82c415745065d6ad5dee139ea70ca3e4b206c2c5213577fb413f9f |