Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 498
Alerts This Week
Warning Icon 1 498

openSUSE Tomcat Moderate Security Concern - Advisory 2026-21327-1

opensuse
Calendar Grey July 15, 2026
Dist Opensuse Esm H88
Security update for openSUSE addresses multiple issues in Tomcat. Install patches to mitigate risks.
An update that solves 6 vulnerabilities and has 6 bug fixes can now be installed.

Description

This update for tomcat fixes the following issues

Update to Tomcat 9.0.119.

Security issues fixed:

- CVE-2026-50229: improper neutralization of script-related HTML tags in the number guess example (bsc#1269791).

- CVE-2026-53404: always-incorrect control flow implementation in the rewrite valve caused non-OR conditions to be

skipped if the first condition in an OR chain matched (bsc#1269910).

- CVE-2026-53434: error condition not handled when configuring CRLs for a FFM based connector (bsc#1269824).

- CVE-2026-55276: always-incorrect control flow implementation caused special roles and empty authorization constraints

to not be included when the effective web.xml was logged (bsc#1269909).

- CVE-2026-55955: improper authentication allows a replay attack against the EncryptionInterceptor in the cluster

component (bsc#1269908).

- CVE-2026-55956: improper authorization leads to security constraints specified for the default servlet ignoring any

method or method omission...

Read the Full Advisory

Patch

Package List

- openSUSE Leap 16.0:

tomcat-9.0.119-160000.1.1

tomcat-admin-webapps-9.0.119-160000.1.1

tomcat-docs-webapp-9.0.119-160000.1.1

tomcat-el-3_0-api-9.0.119-160000.1.1

tomcat-embed-9.0.119-160000.1.1

tomcat-javadoc-9.0.119-160000.1.1

tomcat-jsp-2_3-api-9.0.119-160000.1.1

tomcat-jsvc-9.0.119-160000.1.1

tomcat-lib-9.0.119-160000.1.1

tomcat-servlet-4_0-api-9.0.119-160000.1.1

tomcat-webapps-9.0.119-160000.1.1

References

* bsc#1269791

* bsc#1269824

* bsc#1269907

* bsc#1269908

* bsc#1269909

* bsc#1269910

References:

* https://www.suse.com/security/cve/CVE-2026-50229.html

* https://www.suse.com/security/cve/CVE-2026-53404.html

* https://www.suse.com/security/cve/CVE-2026-53434.html

* https://www.suse.com/security/cve/CVE-2026-55276.html

* https://www.suse.com/security/cve/CVE-2026-55955.html

* https://www.suse.com/security/cve/CVE-2026-55956.html

Severity
moderate
Lowest
Low
Medium
High
Critical

Announcement ID: openSUSE-SU-2026:21327-1
Rating: moderate
Affected Products: openSUSE Leap 16.0 -------------------------------------------------------------

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.