[ALSA-2026:37137] Important: tomcat security, bug fix, and enhancement update
Type:
security
Severity:
important
Release date:
2026-07-10
Description:
Apache Tomcat is a servlet container for the Java Servlet and JavaServer Pages (JSP) technologies. Security Fix(es): * Apache Tomcat: Apache Tomcat: Information disclosure via Padding Oracle vulnerability in EncryptInterceptor (CVE-2026-29146) * Apache Tomcat: Apache Tomcat: Missing Encryption of Sensitive Data due to EncryptInterceptor bypass (CVE-2026-34486) Bug Fix(es) and Enhancement(s): * Remove tomcat clustering JAR from RPM builds (JIRA:AlmaLinux-183993) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Updated packages listed below:
Architecture Package Checksum
noarch tomcat-admin-webapps-9.0.87-2.el8_10.noarch.rpm 0a847f523c4539f66f9b201382adcd6cd284b7db91446e8708c77dc5a325547a
noarch tomcat-docs-webapp-9.0.87-2.el8_10.noarch.rpm 1478ff6052ccb3fe8a13c71f0636798bb9748b0e36a15f5d3cf64fa89330d741
noarch tomcat-webapps-9.0.87-2.el8_10.noarch.rpm 17d70a5db891573de90d06a646969af101ee2e353167d3bc9cb008d74ed79f5d
noarch tomcat-jsp-2.3-api-9.0.87-2.el8_10.noarch.rpm 36dce555015ae827460c440a1b36f71aa3d0ec9ba985e202ee9fcafe92e491c0
noarch tomcat-el-3.0-api-9.0.87-2.el8_10.noarch.rpm 7c826956a6a5668fd6d76cd0ab1502b6209cdba3a3d3dcfc0b8fcab8c82a5cb4
noarch tomcat-servlet-4.0-api-9.0.87-2.el8_10.noarch.rpm 983b8219aa47d5c899135d7b95eba504002bbb1aaaf3f02e26b6a34af9afd110
noarch tomcat-9.0.87-2.el8_10.noarch.rpm 9ef6499a181a73cc0c13b7d0614c2953f25230ae2a778a1402e269abdbfa76ef
noarch tomcat-lib-9.0.87-2.el8_10.noarch.rpm d03a1e342d59e8737b226f5835a2aa9919987e4ba81b270a6290538efa72ec15
Notes:
This page is generated automatically from Red Hat security data and has not been checked for errors. For clarification or corrections please contact the AlmaLinux Packaging Team.