Updated tomcat packages fix security vulnerabilities
Publication date: 14 Mar 2026
Modification date: 13 Mar 2026
Type: security
Affected Mageia releases: 9
CVE: CVE-2025-66614, CVE-2026-24733, CVE-2026-24734
Description
Client certificate verification bypass due to virtual host mapping. (CVE-2025-66614)
Security constraint bypass with HTTP/0.9. (CVE-2026-24733)
OCSP revocation bypass. (CVE-2026-24734)
References
- https://bugs.mageia.org/show_bug.cgi?id=35192
- https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/message/G27HXAIMRCGPRM6GBYQX7NUKNQS4RLJ4/
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-66614
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-24733
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-24734
SRPMS
9/core
- tomcat-9.0.115-1.mga9