Description:
Apache Tomcat is a servlet container for the Java Servlet and JavaServer Pages (JSP) technologies.
Security Fix(es):
* Apache Tomcat: Apache Tomcat: Information disclosure via Padding Oracle vulnerability in EncryptInterceptor (CVE-2026-29146)
* Apache Tomcat: Apache Tomcat: Missing Encryption of Sensitive Data due to EncryptInterceptor bypass (CVE-2026-34486)
Bug Fix(es) and Enhancement(s):
* Remove tomcat clustering JAR from RPM builds (JIRA:AlmaLinux-183992)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Updated packages listed below:
| Architecture |
Package |
Checksum |
| noarch |
tomcat-admin-webapps-9.0.117-2.el9_8.noarch.rpm |
21b54338c8911f7d0570dfc4074336245d72ecd7fd23b957b38844adfcbf6080 |
| noarch |
tomcat-lib-9.0.117-2.el9_8.noarch.rpm |
45d3d9c3b65f47423d088727c129740f81222b9b8bfa692878e832ef6390c98d |
| noarch |
tomcat-servlet-4.0-api-9.0.117-2.el9_8.noarch.rpm |
466e8297da209d0af30af01e14bbef7218bf09463c608d213849d4582e764d0e |
| noarch |
tomcat-jsp-2.3-api-9.0.117-2.el9_8.noarch.rpm |
96d0aed85ef0a69f45bb8a77dc6b293ab62c284f4a1a45d9c015e69c58864a9d |
| noarch |
tomcat-9.0.117-2.el9_8.noarch.rpm |
a5150c547f61bd7c396c7176e7d473f5dd29a61aca9f1feea88c733601d78dbf |
| noarch |
tomcat-el-3.0-api-9.0.117-2.el9_8.noarch.rpm |
b1bcaee9dc8dbb1ce4809e011e7a60dec43f5b5b22f04a7b83f18ddc347a5e66 |
| noarch |
tomcat-docs-webapp-9.0.117-2.el9_8.noarch.rpm |
b283f9775d07ccfe3e013e36ecfa6a528400aa77ad95f9d2b03843579919f90a |
| noarch |
tomcat-webapps-9.0.117-2.el9_8.noarch.rpm |
ef598638b8b6b5ed0398ec7653df1c400833b2a665d7ef817ad3ddedcf6ea83e |