[ALSA-2026:36879] Important: tomcat security, bug fix, and enhancement update
Type:
security
Severity:
important
Release date:
2026-07-09
Description:
Apache Tomcat is a servlet container for the Java Servlet and JavaServer Pages (JSP) technologies. Security Fix(es): * Apache Tomcat: Apache Tomcat: Information disclosure via Padding Oracle vulnerability in EncryptInterceptor (CVE-2026-29146) * Apache Tomcat: Apache Tomcat: Missing Encryption of Sensitive Data due to EncryptInterceptor bypass (CVE-2026-34486) Bug Fix(es) and Enhancement(s): * Remove tomcat clustering JAR from RPM builds (JIRA:AlmaLinux-183992) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Updated packages listed below:
Architecture Package Checksum
noarch tomcat-admin-webapps-9.0.117-2.el9_8.noarch.rpm 21b54338c8911f7d0570dfc4074336245d72ecd7fd23b957b38844adfcbf6080
noarch tomcat-lib-9.0.117-2.el9_8.noarch.rpm 45d3d9c3b65f47423d088727c129740f81222b9b8bfa692878e832ef6390c98d
noarch tomcat-servlet-4.0-api-9.0.117-2.el9_8.noarch.rpm 466e8297da209d0af30af01e14bbef7218bf09463c608d213849d4582e764d0e
noarch tomcat-jsp-2.3-api-9.0.117-2.el9_8.noarch.rpm 96d0aed85ef0a69f45bb8a77dc6b293ab62c284f4a1a45d9c015e69c58864a9d
noarch tomcat-9.0.117-2.el9_8.noarch.rpm a5150c547f61bd7c396c7176e7d473f5dd29a61aca9f1feea88c733601d78dbf
noarch tomcat-el-3.0-api-9.0.117-2.el9_8.noarch.rpm b1bcaee9dc8dbb1ce4809e011e7a60dec43f5b5b22f04a7b83f18ddc347a5e66
noarch tomcat-docs-webapp-9.0.117-2.el9_8.noarch.rpm b283f9775d07ccfe3e013e36ecfa6a528400aa77ad95f9d2b03843579919f90a
noarch tomcat-webapps-9.0.117-2.el9_8.noarch.rpm ef598638b8b6b5ed0398ec7653df1c400833b2a665d7ef817ad3ddedcf6ea83e
Notes:
This page is generated automatically from Red Hat security data and has not been checked for errors. For clarification or corrections please contact the AlmaLinux Packaging Team.