MGASA-2026-0139
- Source
- https://advisories.mageia.org/MGASA-2026-0139.html
- Import Source
- https://advisories.mageia.org/MGASA-2026-0139.json
- JSON Data
- https://api.osv.dev/v1/vulns/MGASA-2026-0139
- Upstream
- Published
- 2026-05-15T06:17:07Z
- Modified
- 2026-05-15T06:30:06.541303Z
- Summary
- Updated tomcat packages fix security vulnerability
- Details
-
Unbounded read in WebDAV LOCK and PROPFIND handling. (CVE-2026-41284) HTTP/2 request headers not validated. (CVE-2026-41293) WebSocket authentication header exposure. (CVE-2026-42498) Digest authenticator will authenticate any unknown user. (CVE-2026-43512) LockOutRealm treats user names as case-sensitive. (CVE-2026-43513) AJP secret compared in non-constant time. (CVE-2026-43514) Security constraints not correctly applied. (CVE-2026-43515)
- References
-
- https://advisories.mageia.org/MGASA-2026-0139.html
- https://bugs.mageia.org/show_bug.cgi?id=35523
- https://tomcat.apache.org/security-9.html#Fixed_in_Apache_Tomcat_9.0.118
- https://www.openwall.com/lists/oss-security/2026/05/12/8
- https://www.openwall.com/lists/oss-security/2026/05/12/9
- https://www.openwall.com/lists/oss-security/2026/05/12/10
- https://www.openwall.com/lists/oss-security/2026/05/12/11
- https://www.openwall.com/lists/oss-security/2026/05/12/12
- https://www.openwall.com/lists/oss-security/2026/05/12/13
- https://www.openwall.com/lists/oss-security/2026/05/12/14
- Credits
-
-
- Mageia - COORDINATOR
-
Affected packages
Mageia:9 / tomcat
Package
- Name
- tomcat
- Purl
- pkg:rpm/mageia/tomcat?arch=source&distro=mageia-9