Release date:
2026-06-09 09:31:31 UTC
Description:
- CVE-2025-55668: fix session fixation in RewriteValve by encoding session id into
sendRedirect URL and recycling session info on rewrite reinvoke
- CVE-2026-29146: fix padding oracle in EncryptInterceptor by changing default
cipher to AES/GCM/NoPadding and rejecting insecure mode+padding combinations
Updated packages:
-
tomcat-9.0.62-12.el9_2.1.tuxcare.els3.noarch.rpm
sha:490b1b1314a67a1315697a5662eef9178dc435d76d49b2d5f24153966e4df49c
-
tomcat-admin-webapps-9.0.62-12.el9_2.1.tuxcare.els3.noarch.rpm
sha:edcbcf93f63385b2b6c7972da1aaea8e1547c1f32bd811b588f7aeae4f072fb5
-
tomcat-docs-webapp-9.0.62-12.el9_2.1.tuxcare.els3.noarch.rpm
sha:7d4eedcbef1b902b285f50bec8864c4fa83408287f55b96dd694c121d2c653b3
-
tomcat-el-3.0-api-9.0.62-12.el9_2.1.tuxcare.els3.noarch.rpm
sha:4f4f4b3a7231a7855468c865609bb7e95cf70dd2abc1222b12c02f251287991d
-
tomcat-jsp-2.3-api-9.0.62-12.el9_2.1.tuxcare.els3.noarch.rpm
sha:5c33ce4652931804fe1eb505152ff3af6be438741ed32c88b85c6118c19c4cfe
-
tomcat-lib-9.0.62-12.el9_2.1.tuxcare.els3.noarch.rpm
sha:7d5bf0b6a5a41d3ae015c41c48e3ae16502eba58ad7e462955cabda3b0c2f631
-
tomcat-servlet-4.0-api-9.0.62-12.el9_2.1.tuxcare.els3.noarch.rpm
sha:292f92781a36670b488e496a1b90837d2955ba999e3e1eea398cb177727b5d06
-
tomcat-webapps-9.0.62-12.el9_2.1.tuxcare.els3.noarch.rpm
sha:049a91c38098c80261e0edc8eb08f4264c0b298faca10606b65fca87d1bf1d5b
Notes:
This page is generated automatically and has not been checked for errors. For clarification or
corrections please contact the
CloudLinux Packaging Team.
