[ALSA-2026:36790] Important: tomcat9 security, bug fix, and enhancement update
Type:
security
Severity:
important
Release date:
2026-07-13
Description:
Tomcat is the servlet container that is used in the official Reference Implementation for the Java Servlet and JavaServer Pages technologies. The Java Servlet and JavaServer Pages specifications are developed by Sun under the Java Community Process. Tomcat is developed in an open and participatory environment and released under the Apache Software License version 2.0. Tomcat is intended to be a collaboration of the best-of-breed developers from around the world. Security Fix(es): * Apache Tomcat: Apache Tomcat: Information disclosure via Padding Oracle vulnerability in EncryptInterceptor (CVE-2026-29146) * Apache Tomcat: Apache Tomcat: Missing Encryption of Sensitive Data due to EncryptInterceptor bypass (CVE-2026-34486) Bug Fix(es) and Enhancement(s): * Remove tomcat clustering JAR from RPM builds (JIRA:AlmaLinux-185571) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Updated packages listed below:
Architecture Package Checksum
noarch tomcat9-el-3.0-api-9.0.117-2.el10_2.alma.1.noarch.rpm 1e7a1f290d83d33dca1568da1d68c956d2ff9d703a7b398d2955f8f881f6c51c
noarch tomcat9-admin-webapps-9.0.117-2.el10_2.alma.1.noarch.rpm 35f74b44de15b3b04a6bc454a111d3dfb26dfee6c7ad16644fb1a88130dce735
noarch tomcat9-webapps-9.0.117-2.el10_2.alma.1.noarch.rpm 3682120341af35136b188a86d60de457c2c5936026aea99b5a7b1317d71f90f2
noarch tomcat9-lib-9.0.117-2.el10_2.alma.1.noarch.rpm 3a1e23335ca4fc1ca27006743516d5c74f7da734dc74dcdc72f5a4bed710668b
noarch tomcat9-servlet-4.0-api-9.0.117-2.el10_2.alma.1.noarch.rpm 42f01e89a5d4c20d96e5212710be93238f72ce04851d86ae714c53b925109a88
noarch tomcat9-9.0.117-2.el10_2.alma.1.noarch.rpm 7b18a53d3580ad05f99f8ee76bc0a5408bc9f0a2ca45465fd3446184546c2cb9
noarch tomcat9-docs-webapp-9.0.117-2.el10_2.alma.1.noarch.rpm a59f4bad7f545f5287804da402c7f5be36cbae0c74cf7b8b5f691c3473fe68b6
noarch tomcat9-jsp-2.3-api-9.0.117-2.el10_2.alma.1.noarch.rpm ac4d0fe0045a2723cfb5b6f43bdf719a027a0d7e5f26985bc08e3b4c1c91feb3
Notes:
This page is generated automatically from Red Hat security data and has not been checked for errors. For clarification or corrections please contact the AlmaLinux Packaging Team.