Several security issues were fixed in Tomcat.

==========================================================================
Ubuntu Security Notice USN-8383-1
June 04, 2026

tomcat6, tomcat7 vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 16.04 LTS
- Ubuntu 14.04 LTS

Summary:

Several security issues were fixed in Tomcat.

Software Description:

- tomcat7: Servlet and JSP engine
- tomcat6: Servlet and JSP engine

Details:

It was discovered that Tomcat incorrectly handled digest authentication. A remote attacker could possibly use this issue to bypass authentication restrictions. (CVE-2026-43512)

It was discovered that Tomcat incorrectly handled case sensitivity in LockOutRealm. A remote attacker could possibly use this issue to bypass account lockout protections and obtain sensitive information. (CVE-2026-43513)

It was discovered that Tomcat incorrectly handled authorization when multiple method constraints defined the same HTTP method. A remote attacker could possibly use this issue to bypass authorization restrictions. (CVE-2026-43515)

Update instructions:

The problem can be corrected by updating your system to the following package versions:

Ubuntu 16.04 LTS
  libtomcat7-java   7.0.68-1ubuntu0.4+esm4    Available with Ubuntu Pro
  tomcat7           7.0.68-1ubuntu0.4+esm4    Available with Ubuntu Pro

Ubuntu 14.04 LTS
  libtomcat6-java   6.0.39-1ubuntu0.1+esm3    Available with Ubuntu Pro
  libtomcat7-java   7.0.52-1ubuntu0.16+esm2   Available with Ubuntu Pro
  tomcat6           6.0.39-1ubuntu0.1+esm3    Available with Ubuntu Pro
  tomcat7           7.0.52-1ubuntu0.16+esm2   Available with Ubuntu Pro

After a standard system update you need to restart Tomcat to make all the necessary changes.

References:

https://ubuntu.com/security/notices/USN-8383-1
CVE-2026-43512, CVE-2026-43513, CVE-2026-43515
LinuxSecurity.com Team