Description:
Apache Tomcat is a servlet container for the Java Servlet and JavaServer Pages (JSP) technologies.
Security Fix(es):
* Apache Tomcat: Apache Tomcat: Information disclosure via Padding Oracle vulnerability in EncryptInterceptor (CVE-2026-29146)
* Apache Tomcat: Apache Tomcat: Missing Encryption of Sensitive Data due to EncryptInterceptor bypass (CVE-2026-34486)
Bug Fix(es) and Enhancement(s):
* Remove tomcat clustering JAR from RPM builds (JIRA:AlmaLinux-183993)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Updated packages listed below:
| Architecture |
Package |
Checksum |
| noarch |
tomcat-admin-webapps-9.0.87-2.el8_10.noarch.rpm |
0a847f523c4539f66f9b201382adcd6cd284b7db91446e8708c77dc5a325547a |
| noarch |
tomcat-docs-webapp-9.0.87-2.el8_10.noarch.rpm |
1478ff6052ccb3fe8a13c71f0636798bb9748b0e36a15f5d3cf64fa89330d741 |
| noarch |
tomcat-webapps-9.0.87-2.el8_10.noarch.rpm |
17d70a5db891573de90d06a646969af101ee2e353167d3bc9cb008d74ed79f5d |
| noarch |
tomcat-jsp-2.3-api-9.0.87-2.el8_10.noarch.rpm |
36dce555015ae827460c440a1b36f71aa3d0ec9ba985e202ee9fcafe92e491c0 |
| noarch |
tomcat-el-3.0-api-9.0.87-2.el8_10.noarch.rpm |
7c826956a6a5668fd6d76cd0ab1502b6209cdba3a3d3dcfc0b8fcab8c82a5cb4 |
| noarch |
tomcat-servlet-4.0-api-9.0.87-2.el8_10.noarch.rpm |
983b8219aa47d5c899135d7b95eba504002bbb1aaaf3f02e26b6a34af9afd110 |
| noarch |
tomcat-9.0.87-2.el8_10.noarch.rpm |
9ef6499a181a73cc0c13b7d0614c2953f25230ae2a778a1402e269abdbfa76ef |
| noarch |
tomcat-lib-9.0.87-2.el8_10.noarch.rpm |
d03a1e342d59e8737b226f5835a2aa9919987e4ba81b270a6290538efa72ec15 |