
RLSA-2026:18537

Security
Mirrored from RHSA-2026:18537
Issued at: 2026-05-29
Updated at: 2026-05-29

Synopsis

Important: tomcat security update



Description

Apache Tomcat is a servlet container for the Java Servlet and JavaServer Pages (JSP) technologies.

Security Fix(es):

* tomcat: Apache Tomcat: Security constraint bypass for CGI scripts (CVE-2025-46701)

* org.apache.tomcat/tomcat-catalina: tomcat: Apache Tomcat: session fixation via rewrite valve (CVE-2025-55668)

* org.apache.tomcat/tomcat-juli: tomcat: Apache Tomcat: console manipulation (CVE-2025-55754)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the Rocky Linux 10 Release Notes linked from the References section.



Affected products

* Rocky Linux 10 aarch64
* Rocky Linux 10 ppc64le
* Rocky Linux 10 riscv64
* Rocky Linux 10 s390x
* Rocky Linux 10 x86_64

Fixes

* 2388226
* 2406590
* 2369253

CVEs

* CVE-2025-46701
* CVE-2025-55668
* CVE-2025-55754

Affected packages

Rocky Linux 10 aarch64 - AppStream

* tomcat-servlet-6.0-api-1:10.1.49-1.el10_2.1.noarch.rpm
* tomcat-webapps-1:10.1.49-1.el10_2.1.noarch.rpm
* tomcat-lib-1:10.1.49-1.el10_2.1.noarch.rpm
* tomcat-1:10.1.49-1.el10_2.1.src.rpm
* tomcat-jsp-3.1-api-1:10.1.49-1.el10_2.1.noarch.rpm
* tomcat-admin-webapps-1:10.1.49-1.el10_2.1.noarch.rpm
* tomcat-1:10.1.49-1.el10_2.1.noarch.rpm
* tomcat-el-5.0-api-1:10.1.49-1.el10_2.1.noarch.rpm
* tomcat-docs-webapp-1:10.1.49-1.el10_2.1.noarch.rpm

Rocky Linux 10 ppc64le - AppStream

* tomcat-servlet-6.0-api-1:10.1.49-1.el10_2.1.noarch.rpm
* tomcat-webapps-1:10.1.49-1.el10_2.1.noarch.rpm
* tomcat-lib-1:10.1.49-1.el10_2.1.noarch.rpm
* tomcat-1:10.1.49-1.el10_2.1.src.rpm
* tomcat-jsp-3.1-api-1:10.1.49-1.el10_2.1.noarch.rpm
* tomcat-admin-webapps-1:10.1.49-1.el10_2.1.noarch.rpm
* tomcat-1:10.1.49-1.el10_2.1.noarch.rpm
* tomcat-el-5.0-api-1:10.1.49-1.el10_2.1.noarch.rpm
* tomcat-docs-webapp-1:10.1.49-1.el10_2.1.noarch.rpm

Rocky Linux 10 riscv64 - AppStream

* tomcat-servlet-6.0-api-1:10.1.49-1.el10_2.1.noarch.rpm
* tomcat-webapps-1:10.1.49-1.el10_2.1.noarch.rpm
* tomcat-lib-1:10.1.49-1.el10_2.1.noarch.rpm
* tomcat-1:10.1.49-1.el10_2.1.src.rpm
* tomcat-jsp-3.1-api-1:10.1.49-1.el10_2.1.noarch.rpm
* tomcat-admin-webapps-1:10.1.49-1.el10_2.1.noarch.rpm
* tomcat-1:10.1.49-1.el10_2.1.noarch.rpm
* tomcat-el-5.0-api-1:10.1.49-1.el10_2.1.noarch.rpm
* tomcat-docs-webapp-1:10.1.49-1.el10_2.1.noarch.rpm

Rocky Linux 10 s390x - AppStream

* tomcat-servlet-6.0-api-1:10.1.49-1.el10_2.1.noarch.rpm
* tomcat-webapps-1:10.1.49-1.el10_2.1.noarch.rpm
* tomcat-lib-1:10.1.49-1.el10_2.1.noarch.rpm
* tomcat-1:10.1.49-1.el10_2.1.src.rpm
* tomcat-jsp-3.1-api-1:10.1.49-1.el10_2.1.noarch.rpm
* tomcat-admin-webapps-1:10.1.49-1.el10_2.1.noarch.rpm
* tomcat-1:10.1.49-1.el10_2.1.noarch.rpm
* tomcat-el-5.0-api-1:10.1.49-1.el10_2.1.noarch.rpm
* tomcat-docs-webapp-1:10.1.49-1.el10_2.1.noarch.rpm

Rocky Linux 10 x86_64 - AppStream

* tomcat-servlet-6.0-api-1:10.1.49-1.el10_2.1.noarch.rpm
* tomcat-webapps-1:10.1.49-1.el10_2.1.noarch.rpm
* tomcat-lib-1:10.1.49-1.el10_2.1.noarch.rpm
* tomcat-1:10.1.49-1.el10_2.1.src.rpm
* tomcat-jsp-3.1-api-1:10.1.49-1.el10_2.1.noarch.rpm
* tomcat-admin-webapps-1:10.1.49-1.el10_2.1.noarch.rpm
* tomcat-1:10.1.49-1.el10_2.1.noarch.rpm
* tomcat-el-5.0-api-1:10.1.49-1.el10_2.1.noarch.rpm
* tomcat-docs-webapp-1:10.1.49-1.el10_2.1.noarch.rpm