Several security issues were fixed in Tomcat.
Software Description:
- tomcat10: Servlet and JSP engine
- tomcat9: Servlet and JSP engine
Details:
It was discovered that Tomcat did not properly limit the size of
WebDAV LOCK and PROPFIND request bodies. A remote attacker could
use this issue to cause Tomcat to consume excessive memory,
resulting in a denial of service. (CVE-2026-41284)
It was discovered that Tomcat incorrectly validated HTTP/2 header
fields. A remote attacker could use this issue to cause Tomcat to
crash or possibly execute arbitrary code. (CVE-2026-41293)
It was discovered that Tomcat did not properly clear HTTP
authentication headers during WebSocket connection upgrades and
redirects. A remote attacker could use this issue to obtain
sensitive credentials. (CVE-2026-42498)
It was discovered that Tomcat incorrectly handled digest
authentication. A remote attacker could possibly use this issue to
bypass authentication restrictions. (CVE-2026-43512)
It was disco...
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 26.04 LTS
  libtomcat10-embed-java  10.1.40-1ubuntu1.26.04.1
  libtomcat10-java        10.1.40-1ubuntu1.26.04.1
  libtomcat9-java         9.0.115-1ubuntu0.1
  tomcat10                10.1.40-1ubuntu1.26.04.1
Ubuntu 25.10
  libtomcat10-embed-java  10.1.40-1ubuntu1.25.10.1
  libtomcat10-java        10.1.40-1ubuntu1.25.10.1
  libtomcat9-java         9.0.95-1ubuntu1.1
  tomcat10                10.1.40-1ubuntu1.25.10.1
Ubuntu 24.04 LTS
  libtomcat10-embed-java  10.1.16-1ubuntu0.1~esm4 (Available with Ubuntu Pro)
  libtomcat10-java        10.1.16-1ubuntu0.1~esm4 (Available with Ubuntu Pro)
  libtomcat9-java         9.0.70-2ubuntu0.1+esm3 (Available with Ubuntu Pro)
  tomcat10                10.1.16-1ubuntu0.1~esm4 (Available with Ubuntu Pro)
Ubuntu 22.04 LTS
  libtomcat9-embed-java   9.0.58-1ubuntu0.2+esm4 (Available with Ubuntu Pro)
  libtomcat9-java         9.0.58-1ubuntu0.2+esm4 (Available with Ubuntu Pro)
  tomcat9                 9.0.58-1ubuntu0.2+esm4 (Available with Ubuntu Pro)
Ubuntu 20.04 LTS
  libtomcat9-embed-java   9.0.31-1ubuntu0.9+esm3 (Available with Ubuntu Pro)
  libtomcat9-java         9.0.31-1ubuntu0.9+esm3 (Available with Ubuntu Pro)
  tomcat9                 9.0.31-1ubuntu0.9+esm3 (Available with Ubuntu Pro)
Ubuntu 18.04 LTS
  libtomcat9-embed-java   9.0.16-3ubuntu0.18.04.2+esm8 (Available with Ubuntu Pro)
  libtomcat9-java         9.0.16-3ubuntu0.18.04.2+esm8 (Available with Ubuntu Pro)
  tomcat9                 9.0.16-3ubuntu0.18.04.2+esm8 (Available with Ubuntu Pro)
After a standard system update you need to restart Tomcat to make
all the necessary changes.
https://ubuntu.com/security/notices/USN-8417-1
CVE-2026-41284, CVE-2026-41293, CVE-2026-42498, CVE-2026-43512,
CVE-2026-43513, CVE-2026-43515