tomcat-9.0.87-2.el8_10

エラータID: AXSA:2026-1262:04

Release date: 
Wednesday, July 15, 2026 - 14:29
Subject: 
tomcat-9.0.87-2.el8_10
Affected Channels: 
Asianux Server 8 for x86_64
Severity: 
High
Description: 

Apache Tomcat is a servlet container for the Java Servlet and JavaServer Pages (JSP) technologies.

Security Fix(es):

* Apache Tomcat: Apache Tomcat: Information disclosure via Padding Oracle vulnerability in EncryptInterceptor (CVE-2026-29146)
* Apache Tomcat: Apache Tomcat: Missing Encryption of Sensitive Data due to EncryptInterceptor bypass (CVE-2026-34486)

Bug Fix(es) and Enhancement(s):

* Remove tomcat clustering JAR from RPM builds (JIRA:RHEL-183993)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

CVE-2026-29146
Padding Oracle vulnerability in Apache Tomcat's EncryptInterceptor with default configuration. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.18, from 10.0.0-M1 through 10.1.52, from 9.0.13 through 9..115, from 8.5.38 through 8.5.100, from 7.0.100 through 7.0.109. Users are recommended to upgrade to version 11.0.19, 10.1.53 and 9.0.116, which fixes the issue.
CVE-2026-34486
Missing Encryption of Sensitive Data vulnerability in Apache Tomcat due to the fix for CVE-2026-29146 allowing the bypass of the EncryptInterceptor. This issue affects Apache Tomcat: 11.0.20, 10.1.53, 9.0.116. Users are recommended to upgrade to version 11.0.21, 10.1.54 or 9.0.117, which fix the issue.

Solution: 

Update packages.

Additional Info: 

N/A

Download: 

SRPMS
  1. tomcat-9.0.87-2.el8_10.src.rpm
    MD5: 58de46c0c549c8af83b42f48c5edd665
    SHA-256: 03b84e48e0dcd04fe214317ff69c56aae712a38a205858750f3e845e728763a4
    Size: 15.14 MB

Asianux Server 8 for x86_64
  1. tomcat-9.0.87-2.el8_10.noarch.rpm
    MD5: 0edd4cbc5ffd79e67c747009f20d4de7
    SHA-256: 144066e65dca4c8c86b1dbdaf4aee7100a9c196fb156e1f89c1b98528e8123f6
    Size: 94.72 kB
  2. tomcat-admin-webapps-9.0.87-2.el8_10.noarch.rpm
    MD5: d9a5c8298c557b805264b960a6ff7880
    SHA-256: 79bbeee29e3e3ee3512218e6522015a9f3035bedad5b4247422c49b654900d1f
    Size: 75.65 kB
  3. tomcat-docs-webapp-9.0.87-2.el8_10.noarch.rpm
    MD5: 270dbf0ae0d02e5a8cb07b0da6c3abb9
    SHA-256: 72b7ad4ac98fbe05ea3d047a126bedee31c6c0a825a12e6196280557f2d7cf4c
    Size: 757.73 kB
  4. tomcat-el-3.0-api-9.0.87-2.el8_10.noarch.rpm
    MD5: e995dea50e055bfbc649bafc02ff1e56
    SHA-256: d0fa226037435b37e1f098a0d2e149537be1fcb645507f05bb5e71ed99209ea7
    Size: 108.68 kB
  5. tomcat-jsp-2.3-api-9.0.87-2.el8_10.noarch.rpm
    MD5: 152d17e775e891efca91014a01ac90bc
    SHA-256: 202bd7749dc8383387f257121f8ff3d10735633987f918207a701042473c7800
    Size: 74.57 kB
  6. tomcat-lib-9.0.87-2.el8_10.noarch.rpm
    MD5: 0531062ba0c7f27301283e7d085452e0
    SHA-256: 9e9ae6f4bb3baad5efc9840437aafd550cee76e8a9c7fb5e633d72dd4f56a594
    Size: 5.66 MB
  7. tomcat-servlet-4.0-api-9.0.87-2.el8_10.noarch.rpm
    MD5: 4e1cbd594bd7f127982bad69e54ec350
    SHA-256: b7e45f02996cb21950b6e9b853e3228e5ced3b0c86e4a251ce9cc5ae4efef13f
    Size: 289.26 kB
  8. tomcat-webapps-9.0.87-2.el8_10.noarch.rpm
    MD5: e0643dcdf2414320ed2a5125a7ec56fe
    SHA-256: dbe0cd5fbe52057945afb9d573de05a603286eb98eceafb8bc655979d6db865b
    Size: 83.09 kB