[Apollo] Advisories Statistics light light Login

RLSA-2026:36879

Security Mirrored from RHSA-2026:36879
Issued at: 2026-07-10
Updated at: 2026-07-12

Synopsis

Important: tomcat security, bug fix, and enhancement update



Description

Apache Tomcat is a servlet container for the Java Servlet and JavaServer Pages (JSP) technologies.

Security Fix(es):

* Apache Tomcat: Apache Tomcat: Information disclosure via Padding Oracle vulnerability in EncryptInterceptor (CVE-2026-29146)

* Apache Tomcat: Apache Tomcat: Missing Encryption of Sensitive Data due to EncryptInterceptor bypass (CVE-2026-34486)

Bug Fix(es) and Enhancement(s):

* Remove tomcat clustering JAR from RPM builds (JIRA:Rocky Linux-183992)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.



Affected products

Rocky Linux 9 aarch64 Rocky Linux 9 ppc64le Rocky Linux 9 s390x Rocky Linux 9 x86_64

Fixes

2457020 2457027

CVEs

CVE-2026-29146 CVE-2026-34486

Affected packages

Rocky Linux 9 x86_64 - AppStream

tomcat-1:9.0.117-2.el9_8.noarch.rpm tomcat-1:9.0.117-2.el9_8.src.rpm tomcat-admin-webapps-1:9.0.117-2.el9_8.noarch.rpm tomcat-docs-webapp-1:9.0.117-2.el9_8.noarch.rpm tomcat-el-3.0-api-1:9.0.117-2.el9_8.noarch.rpm tomcat-jsp-2.3-api-1:9.0.117-2.el9_8.noarch.rpm tomcat-lib-1:9.0.117-2.el9_8.noarch.rpm tomcat-servlet-4.0-api-1:9.0.117-2.el9_8.noarch.rpm tomcat-webapps-1:9.0.117-2.el9_8.noarch.rpm

Rocky Linux 9 aarch64 - AppStream

tomcat-1:9.0.117-2.el9_8.noarch.rpm tomcat-1:9.0.117-2.el9_8.src.rpm tomcat-admin-webapps-1:9.0.117-2.el9_8.noarch.rpm tomcat-docs-webapp-1:9.0.117-2.el9_8.noarch.rpm tomcat-el-3.0-api-1:9.0.117-2.el9_8.noarch.rpm tomcat-jsp-2.3-api-1:9.0.117-2.el9_8.noarch.rpm tomcat-lib-1:9.0.117-2.el9_8.noarch.rpm tomcat-servlet-4.0-api-1:9.0.117-2.el9_8.noarch.rpm tomcat-webapps-1:9.0.117-2.el9_8.noarch.rpm

Rocky Linux 9 s390x - AppStream

tomcat-1:9.0.117-2.el9_8.noarch.rpm tomcat-1:9.0.117-2.el9_8.src.rpm tomcat-admin-webapps-1:9.0.117-2.el9_8.noarch.rpm tomcat-docs-webapp-1:9.0.117-2.el9_8.noarch.rpm tomcat-el-3.0-api-1:9.0.117-2.el9_8.noarch.rpm tomcat-jsp-2.3-api-1:9.0.117-2.el9_8.noarch.rpm tomcat-lib-1:9.0.117-2.el9_8.noarch.rpm tomcat-servlet-4.0-api-1:9.0.117-2.el9_8.noarch.rpm tomcat-webapps-1:9.0.117-2.el9_8.noarch.rpm

Rocky Linux 9 ppc64le - AppStream

tomcat-1:9.0.117-2.el9_8.noarch.rpm tomcat-1:9.0.117-2.el9_8.src.rpm tomcat-admin-webapps-1:9.0.117-2.el9_8.noarch.rpm tomcat-docs-webapp-1:9.0.117-2.el9_8.noarch.rpm tomcat-el-3.0-api-1:9.0.117-2.el9_8.noarch.rpm tomcat-jsp-2.3-api-1:9.0.117-2.el9_8.noarch.rpm tomcat-lib-1:9.0.117-2.el9_8.noarch.rpm tomcat-servlet-4.0-api-1:9.0.117-2.el9_8.noarch.rpm tomcat-webapps-1:9.0.117-2.el9_8.noarch.rpm