Security News

Cybersecurity news aggregator

🔄
INFO Updates Red Hat Errata

RHSA-2026:19054: Important: tomcat security update

javaweb-servercve-2026-24734
  • What: Security update for Apache Tomcat
  • Impact: Red Hat Enterprise Linux 10 systems using Tomcat
Read Full Article →

Red Hat Product Errata RHSA-2026:19054 - Security Advisory Issued: 2026-05-19 Updated: 2026-05-19 RHSA-2026:19054 - Security Advisory Overview Updated Packages Synopsis Important: tomcat security update Type/Severity Security Advisory: Important Red Hat Lightspeed patch analysis Identify and remediate systems affected by this advisory. View affected systems Topic An update for tomcat is now available for Red Hat Enterprise Linux 10. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Description Apache Tomcat is a servlet container for the Java Servlet and JavaServer Pages (JSP) technologies. Security Fix(es): tomcat: Apache Tomcat: Certificate revocation bypass due to improper OCSP response validation (CVE-2026-24734) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Solution For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 Affected Products Red Hat Enterprise Linux for x86_64 10 x86_64 Red Hat Enterprise Linux for x86_64 - Extended Update Support 10.2 x86_64 Red Hat Enterprise Linux for IBM z Systems 10 s390x Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 10.2 s390x Red Hat Enterprise Linux for Power, little endian 10 ppc64le Red Hat Enterprise Linux for Power, little endian - Extended Update Support 10.2 ppc64le Red Hat Enterprise Linux for ARM 64 10 aarch64 Red Hat Enterprise Linux for ARM 64 - Extended Update Support 10.2 aarch64 Red Hat Enterprise Linux for ARM 64 - 4 years of updates 10.2 aarch64 Red Hat Enterprise Linux for IBM z Systems - 4 years of updates 10.2 s390x Red Hat Enterprise Linux for Power, little endian - 4 years of support 10.2 ppc64le Red Hat Enterprise Linux for x86_64 - 4 years of updates 10.2 x86_64 Red Hat Enterprise Linux for x86_64 - Extended Life Cycle 10.2 x86_64 Red Hat Enterprise Linux for ARM 64 - Extended Life Cycle 10.2 aarch64 Red Hat Enterprise Linux for Power, little endian - Extended Life Cycle 10.2 ppc64le Red Hat Enterprise Linux for IBM z Systems - Extended Life Cycle 10.2 s390x Fixes BZ - 2440426 - CVE-2026-24734 tomcat: Apache Tomcat: Certificate revocation bypass due to improper OCSP response validation CVEs CVE-2026-24734 References https://access.redhat.com/security/updates/classification/#important Note: More recent versions of these packages may be available. Click a package name for more details. Red Hat Enterprise Linux for x86_64 10 SRPM tomcat-10.1.49-1.el10_2.1.src.rpm SHA-256: 04240f7f1bd458bce60bea6389f19a73e3a3d50b6bd34e0fc471e290c30fc7c7 x86_64 tomcat-10.1.49-1.el10_2.1.noarch.rpm SHA-256: 1b1f55c07581f98a4e1c7a142cc4757c21fb9dcf945beda8c50379f7acef4ae4 tomcat-admin-webapps-10.1.49-1.el10_2.1.noarch.rpm SHA-256: efb1e10d14adf5984b4bc7c0961ea21c5a337fbb5cccff70ca0f6bc90f2384f0 tomcat-docs-webapp-10.1.49-1.el10_2.1.noarch.rpm SHA-256: 096e6d1b38b3d4a3d8baf274942e92cfafbe06533c307259e9af8ce0e716c7d5 tomcat-el-5.0-api-10.1.49-1.el10_2.1.noarch.rpm SHA-256: 433f2e5d7c1331ba591616d336594f8093119d34f7eb86f74816f62bc24348d1 tomcat-jsp-3.1-api-10.1.49-1.el10_2.1.noarch.rpm SHA-256: 0b2231b99219ae37b066f49b4ca930ca995e4d91655e0f78f1ff927f86ddc8b4 tomcat-lib-10.1.49-1.el10_2.1.noarch.rpm SHA-256: 88d93d50734c90a1d673df139ff9865c55775e1ad364c94d771d87a5ba6027de tomcat-servlet-6.0-api-10.1.49-1.el10_2.1.noarch.rpm SHA-256: c0883563002fd99124389767e2eb5bd30b73ce496484055ff43477f43ed6ff2b tomcat-webapps-10.1.49-1.el10_2.1.noarch.rpm SHA-256: 085b1073ec7fa65ccf66324b328c2b86173c515e891df6e85c08f79cd659714c Red Hat Enterprise Linux for x86_64 - Extended Update Support 10.2 SRPM tomcat-10.1.49-1.el10_2.1.src.rpm SHA-256: 04240f7f1bd458bce60bea6389f19a73e3a3d50b6bd34e0fc471e290c30fc7c7 x86_64 tomcat-10.1.49-1.el10_2.1.noarch.rpm SHA-256: 1b1f55c07581f98a4e1c7a142cc4757c21fb9dcf945beda8c50379f7acef4ae4 tomcat-admin-webapps-10.1.49-1.el10_2.1.noarch.rpm SHA-256: efb1e10d14adf5984b4bc7c0961ea21c5a337fbb5cccff70ca0f6bc90f2384f0 tomcat-docs-webapp-10.1.49-1.el10_2.1.noarch.rpm SHA-256: 096e6d1b38b3d4a3d8baf274942e92cfafbe06533c307259e9af8ce0e716c7d5 tomcat-el-5.0-api-10.1.49-1.el10_2.1.noarch.rpm SHA-256: 433f2e5d7c1331ba591616d336594f8093119d34f7eb86f74816f62bc24348d1 tomcat-jsp-3.1-api-10.1.49-1.el10_2.1.noarch.rpm SHA-256: 0b2231b99219ae37b066f49b4ca930ca995e4d91655e0f78f1ff927f86ddc8b4 tomcat-lib-10.1.49-1.el10_2.1.noarch.rpm SHA-256: 88d93d50734c90a1d673df139ff9865c55775e1ad364c94d771d87a5ba6027de tomcat-servlet-6.0-api-10.1.49-1.el10_2.1.noarch.rpm SHA-256: c0883563002fd99124389767e2eb5bd30b73ce496484055ff43477f43ed6ff2b tomcat-webapps-10.1.49-1.el10_2.1.noarch.rpm SHA-256: 085b1073ec7fa65ccf66324b328c2b86173c515e891df6e85c08f79cd659714c Red Hat Enterprise Linux for IBM z Systems 10 SRPM tomcat-10.1.49-1.el10_2.1.src.rpm SHA-256: 04240f7f1bd458bce60bea6389f19a73e3a3d50b6bd34e0fc471e290c30fc7c7 s390x tomcat-10.1.49-1.el10_2.1.noarch.rpm SHA-256: 1b1f55c07581f98a4e1c7a142cc4757c21fb9dcf945beda8c50379f7acef4ae4 tomcat-admin-webapps-10.1.49-1.el10_2.1.noarch.rpm SHA-256: efb1e10d14adf5984b4bc7c0961ea21c5a337fbb5cccff70ca0f6bc90f2384f0 tomcat-docs-webapp-10.1.49-1.el10_2.1.noarch.rpm SHA-256: 096e6d1b38b3d4a3d8baf274942e92cfafbe06533c307259e9af8ce0e716c7d5 tomcat-el-5.0-api-10.1.49-1.el10_2.1.noarch.rpm SHA-256: 433f2e5d7c1331ba591616d336594f8093119d34f7eb86f74816f62bc24348d1 tomcat-jsp-3.1-api-10.1.49-1.el10_2.1.noarch.rpm SHA-256: 0b2231b99219ae37b066f49b4ca930ca995e4d91655e0f78f1ff927f86ddc8b4 tomcat-lib-10.1.49-1.el10_2.1.noarch.rpm SHA-256: 88d93d50734c90a1d673df139ff9865c55775e1ad364c94d771d87a5ba6027de tomcat-servlet-6.0-api-10.1.49-1.el10_2.1.noarch.rpm SHA-256: c0883563002fd99124389767e2eb5bd30b73ce496484055ff43477f43ed6ff2b tomcat-webapps-10.1.49-1.el10_2.1.noarch.rpm SHA-256: 085b1073ec7fa65ccf66324b328c2b86173c515e891df6e85c08f79cd659714c Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 10.2 SRPM tomcat-10.1.49-1.el10_2.1.src.rpm SHA-256: 04240f7f1bd458bce60bea6389f19a73e3a3d50b6bd34e0fc471e290c30fc7c7 s390x tomcat-10.1.49-1.el10_2.1.noarch.rpm SHA-256: 1b1f55c07581f98a4e1c7a142cc4757c21fb9dcf945beda8c50379f7acef4ae4 tomcat-admin-webapps-10.1.49-1.el10_2.1.noarch.rpm SHA-256: efb1e10d14adf5984b4bc7c0961ea21c5a337fbb5cccff70ca0f6bc90f2384f0 tomcat-docs-webapp-10.1.49-1.el10_2.1.noarch.rpm SHA-256: 096e6d1b38b3d4a3d8baf274942e92cfafbe06533c307259e9af8ce0e716c7d5 tomcat-el-5.0-api-10.1.49-1.el10_2.1.noarch.rpm SHA-256: 433f2e5d7c1331ba591616d336594f8093119d34f7eb86f74816f62bc24348d1 tomcat-jsp-3.1-api-10.1.49-1.el10_2.1.noarch.rpm SHA-256: 0b2231b99219ae37b066f49b4ca930ca995e4d91655e0f78f1ff927f86ddc8b4 tomcat-lib-10.1.49-1.el10_2.1.noarch.rpm SHA-256: 88d93d50734c90a1d673df139ff9865c55775e1ad364c94d771d87a5ba6027de tomcat-servlet-6.0-api-10.1.49-1.el10_2.1.noarch.rpm SHA-256: c0883563002fd99124389767e2eb5bd30b73ce496484055ff43477f43ed6ff2b tomcat-webapps-10.1.49-1.el10_2.1.noarch.rpm SHA-256: 085b1073ec7fa65ccf66324b328c2b86173c515e891df6e85c08f79cd659714c Red Hat Enterprise Linux for Power, little endian 10 SRPM tomcat-10.1.49-1.el10_2.1.src.rpm SHA-256: 04240f7f1bd458bce60bea6389f19a73e3a3d50b6bd34e0fc471e290c30fc7c7 ppc64le tomcat-10.1.49-1.el10_2.1.noarch.rpm SHA-256: 1b1f55c07581f98a4e1c7a142cc4757c21fb9dcf945beda8c50379f7acef4ae4 tomcat-admin-webapps-10.1.49-1.el10_2.1.noarch.rpm SHA-256: efb1e10d14adf5984b4bc7c0961ea21c5a337fbb5cccff70ca0f6bc90f2384f0 tomcat-docs-webapp-10.1.49-1.el10_2.1.noarch.rpm SHA-256: 096e6d1b38b3d4a3d8baf274942e92cfafbe06533c307259e9af8ce0e716c7d5 tomcat-el-5.0-api-10.1.49-1.el10_2.1.noarch.rpm SHA-256: 433f2e5d7c1331ba591616d336594f8093119d34f7eb86f74816f62bc24348d1 tomcat-jsp-3.1-api-10.1.49-1.el10_2.1.noarch.rpm SHA-256: 0b2231b99219ae37b066f49b4ca930ca995e4d91655e0f78f1ff927f86ddc8b4 tomcat-lib-10.1.49-1.el10_2.1.noarch.rpm SHA-256: 88d93d50734c90a1d673df139ff9865c55775e1ad364c94d771d87a5ba6027de tomcat-servlet-6.0-api-10.1.49-1.el10_2.1.noarch.rpm SHA-256: c0883563002fd99124389767e2eb5bd30b73ce496484055ff43477f43ed6ff2b tomcat-webapps-10.1.49-1.el10_2.1.noarch.rpm SHA-256: 085b1073ec7fa65ccf66324b328c2b86173c515e891df6e85c08f79cd659714c Red Hat Enterprise Linux for Power, little endian - Extended Update Support 10.2 SRPM tomcat-10.1.49-1.el10_2.1.src.rpm SHA-256: 04240f7f1bd458bce60bea6389f19a73e3a3d50b6bd34e0fc471e290c30fc7c7 ppc64le tomcat-10.1.49-1.el10_2.1.noarch.rpm SHA-256: 1b1f55c07581f98a4e1c7a142cc4757c21fb9dcf945beda8c50379f7acef4ae4 tomcat-admin-webapps-10.1.49-1.el10_2.1.noarch.rpm SHA-256: efb1e10d14adf5984b4bc7c0961ea21c5a337fbb5cccff70ca0f6bc90f2384f0 tomcat-docs-webapp-10.1.49-1.el10_2.1.noarch.rpm SHA-256: 096e6d1b38b3d4a3d8baf274942e92cfafbe06533c307259e9af8ce0e716c7d5 tomcat-el-5.0-api-10.1.49-1.el10_2.1.noarch.rpm SHA-256: 433f2e5d7c1331ba591616d336594f8093119d34f7eb86f74816f62bc24348d1 tomcat-jsp-3.1-api-10.1.49-1.el10_2.1.noarch.rpm SHA-256: 0b2231b99219ae37b066f49b4ca930ca995e4d91655e0f78f1ff927f86ddc8b4 tomcat-lib-10.1.49-1.el10_2.1.noarch.rpm SHA-256: 88d93d50734c90a1d673df139ff9865c55775e1ad364c94d771d87a5ba6027de tomcat-servlet-6.0-api-10.1.49-1.el10_2.1.noarch.rpm SHA-256: c0883563002fd99124389767e2eb5bd30b73ce496484055ff43477f43ed6ff2b tomcat-webapps-10.1.49-1.el10_2.1.noarch.rpm SHA-256: 085b1073ec7fa65ccf66324b328c2b86173c515e891df6e85c08f79cd659714c Red Hat Enterprise Linux for ARM 64 10 SRPM tomcat-10.1.49-1.el10_2.1.src.rpm SHA-256: 04240f7f1bd458bce60bea6389f19a73e3a3d50b6bd34e0fc471e290c30fc7c7 aarch64 tomcat-10.1.49-1.el10_2.1.noarch.rpm SHA-256: 1b1f55c07581f98a4e1c7a142cc4757c21fb9dcf945beda8c50379f7acef4ae4 tomcat-admin-webapps-10.1.49-1.el10_2.1.noarch.rpm SHA-256: efb1e10d14adf5984b4bc7c0961ea21c5

Related Articles

HIGH [UPDATE] [mittel] Apache Tomcat: Mehrere Schwachstellen BSI Germany CRITICAL [UPDATE] [hoch] Apache Tomcat: Mehrere Schwachstellen BSI Germany CRITICAL [UPDATE] [hoch] Apache Tomcat: Schwachstelle ermöglicht Codeausführung BSI Germany HIGH [UPDATE] [mittel] Apache Tomcat: Mehrere Schwachstellen BSI Germany
Read Full Article → ← Back to News

Share this article

Twitter Facebook LinkedIn