Alerts This Week
Warning Icon 1 764
Alerts This Week
Warning Icon 1 764

Mageia 9 Tomcat Important WebDAV HTTP/2 Security Fix MGASA-2026-0139

mageia
Calendar Grey May 15, 2026
Dist Mageia Esm H88
Updated tomcat packages in Mageia resolve multiple security issues. Critical vulnerabilities fixed ensure safer application operation.
MGASA-2026-0139 - Updated tomcat packages fix security vulnerability

Summary

Description: Unbounded read in WebDAV LOCK and PROPFIND handling. (CVE-2026-41284) HTTP/2 request headers not validated. (CVE-2026-41293) WebSocket authentication header exposure. (CVE-2026-42498) Digest authenticator will authenticate any unknown user. (CVE-2026-43512) LockOutRealm treats user names as case-sensitive. (CVE-2026-43513) AJP secret compared in non-constant time. (CVE-2026-43514) Security constraints not correctly applied. (CVE-2026-43515)

References

- https://bugs.mageia.org/show_bug.cgi?id=35523

- https://tomcat.apache.org/security-9.html#Fixed_in_Apache_Tomcat_9.0.118

- https://www.openwall.com/lists/oss-security/2026/05/12/8

- https://www.openwall.com/lists/oss-security/2026/05/12/9

- https://www.openwall.com/lists/oss-security/2026/05/12/10

- https://www.openwall.com/lists/oss-security/2026/05/12/11

- https://www.openwall.com/lists/oss-security/2026/05/12/12

- https://www.openwall.com/lists/oss-security/2026/05/12/13

- https://www.openwall.com/lists/oss-security/2026/05/12/14

- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-41284

- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-41293

- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-42498

- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-43512

- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-43513

- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-43514

- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-43515

Topics%20covered

Topics Covered

security advisory important webdav authentication Mageia HTTP2

Resolution

SRPMS

- 9/core/tomcat-9.0.118-1.mga9

Severity
important
Lowest
Low
Medium
High
Critical

Publication date: 15 May 2026
URL: https://advisories.mageia.org/MGASA-2026-0139.html
Type: security
CVE: CVE-2026-41284, CVE-2026-41293, CVE-2026-42498, CVE-2026-43512, CVE-2026-43513, CVE-2026-43514, CVE-2026-43515

Topics%20covered

Topics Covered

security advisory important webdav authentication Mageia HTTP2

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here