Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 498
Alerts This Week
Warning Icon 1 498

openSUSE Tomcat11 Moderate Security Update for CVE-2026-50229 and others

opensuse
Calendar Grey July 15, 2026
Dist Opensuse Esm H88
Install the latest openSUSE security update for tomcat11 to resolve six issues, ensuring system integrity and safety.
An update that solves 6 vulnerabilities and has 7 bug fixes can now be installed.

Description

This update for tomcat11 fixes the following issues

Update to Tomcat 11.0.23.

Security issues fixed:

- CVE-2026-50229: improper neutralization of script-related HTML tags in the number guess example (bsc#1269791).

- CVE-2026-53404: always-incorrect control flow implementation in the rewrite valve caused non-OR conditions to be

skipped if the first condition in an OR chain matched (bsc#1269910).

- CVE-2026-53434: error condition not handled when configuring CRLs for a FFM based connector (bsc#1269824).

- CVE-2026-55276: always-incorrect control flow implementation caused special roles and empty authorization constraints

to not be included when the effective web.xml was logged (bsc#1269909).

- CVE-2026-55955: improper authentication allows a replay attack against the EncryptionInterceptor in the cluster

component (bsc#1269908).

- CVE-2026-55956: improper authorization leads to security constraints specified for the default servlet ignoring any

method or method omission...

Read the Full Advisory

Patch

Package List

- openSUSE Leap 16.0:

tomcat11-11.0.23-160000.1.1

tomcat11-admin-webapps-11.0.23-160000.1.1

tomcat11-doc-11.0.23-160000.1.1

tomcat11-docs-webapp-11.0.23-160000.1.1

tomcat11-el-6_0-api-11.0.23-160000.1.1

tomcat11-embed-11.0.23-160000.1.1

tomcat11-jsp-4_0-api-11.0.23-160000.1.1

tomcat11-jsvc-11.0.23-160000.1.1

tomcat11-lib-11.0.23-160000.1.1

tomcat11-servlet-6_1-api-11.0.23-160000.1.1

tomcat11-webapps-11.0.23-160000.1.1

References

* bsc#1232390

* bsc#1269791

* bsc#1269824

* bsc#1269907

* bsc#1269908

* bsc#1269909

* bsc#1269910

References:

* https://www.suse.com/security/cve/CVE-2026-50229.html

* https://www.suse.com/security/cve/CVE-2026-53404.html

* https://www.suse.com/security/cve/CVE-2026-53434.html

* https://www.suse.com/security/cve/CVE-2026-55276.html

* https://www.suse.com/security/cve/CVE-2026-55955.html

* https://www.suse.com/security/cve/CVE-2026-55956.html

Severity
moderate
Lowest
Low
Medium
High
Critical

Announcement ID: openSUSE-SU-2026:21329-1
Rating: moderate
Affected Products: openSUSE Leap 16.0 -------------------------------------------------------------

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.