Explore top 10 tips to secure your open-source projects now. Read More
×
This update for tomcat11 fixes the following issues
Update to Tomcat 11.0.23.
Security issues fixed:
* CVE-2026-50229: improper neutralization of script-related HTML tags in the
number guess example (bsc#1269791).
* CVE-2026-53404: always-incorrect control flow implementation in the rewrite
valve caused non-OR conditions to be skipped if the first condition in an OR
chain matched (bsc#1269910).
* CVE-2026-53434: error condition not handled when configuring CRLs for a FFM
based connector (bsc#1269824).
* CVE-2026-55276: always-incorrect control flow implementation caused special
roles and empty authorization constraints to not be included when the
effective web.xml was logged (bsc#1269909).
* CVE-2026-55955: improper authentication allows a replay attack against the
EncryptionInterceptor in the cluster component (bsc#1269908).
* CVE-2026-55956: improper authorization leads to security constraints
specified for the default servlet ignoring...
Read the Full Advisory## Patch Instructions:
To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
* Web and Scripting Module 15-SP7
zypper in -t patch SUSE-SLE-Module-Web-Scripting-15-SP7-2026-3087=1
* openSUSE Leap 15.6
zypper in -t patch SUSE-2026-3087=1
* Web and Scripting Module 15-SP7 (noarch)
* tomcat11-11.0.23-150600.13.24.1
* tomcat11-el-6_0-api-11.0.23-150600.13.24.1
* tomcat11-servlet-6_1-api-11.0.23-150600.13.24.1
* tomcat11-lib-11.0.23-150600.13.24.1
* tomcat11-admin-webapps-11.0.23-150600.13.24.1
* tomcat11-jsp-4_0-api-11.0.23-150600.13.24.1
* tomcat11-webapps-11.0.23-150600.13.24.1
* openSUSE Leap 15.6 (noarch)
* tomcat11-jsvc-11.0.23-150600.13.24.1
* tomcat11-docs-webapp-11.0.23-150600.13.24.1
* tomcat11-11.0.23-150600.13.24.1
* tomcat11-el-6_0-api-11.0.23-150600.13.24.1
* tomcat11-servlet-6_1-api-11.0.23-150600.13.24.1
* tomcat11-lib-11.0.23-150600.13.24.1
* tomcat11-admin-webapps-11.0.23-150600.13.24.1
* tomcat11-jsp-4_0-api-11.0.23-150600.13.24.1
* tomcat11-webapps-11.0.23-150600.13.24.1
* tomcat11-embed-11.0.23-150600.13.24.1
* tomcat11-doc-11.0.23-150600.13.24.1
* bsc#1232390
* bsc#1269791
* bsc#1269824
* bsc#1269907
* bsc#1269908
* bsc#1269909
* bsc#1269910
## References:
* https://www.suse.com/security/cve/CVE-2026-50229.html
* https://www.suse.com/security/cve/CVE-2026-53404.html
* https://www.suse.com/security/cve/CVE-2026-53434.html
* https://www.suse.com/security/cve/CVE-2026-55276.html
* https://www.suse.com/security/cve/CVE-2026-55955.html
* https://www.suse.com/security/cve/CVE-2026-55956.html
* https://bugzilla.suse.com/show_bug.cgi?id=1232390
* https://bugzilla.suse.com/show_bug.cgi?id=1269791
* https://bugzilla.suse.com/show_bug.cgi?id=1269824
* https://bugzilla.suse.com/show_bug.cgi?id=1269907
* https://bugzilla.suse.com/show_bug.cgi?id=1269908
* https://bugzilla.suse.com/show_bug.cgi?id=1269909
* https://bugzilla.suse.com/show_bug.cgi?id=1269910
Get the latest Linux and open source security news straight to your inbox.