Apache Tomcat Connectors vulnerability
Published: Tue, 02 Jun 2026 13:16
Summary
Apache Tomcat Connectors could allow local users to expose sensitive information or cause a denial of service.
Details
It was discovered that Apache Tomcat Connectors used incorrect default permissions for shared memory on Unix-like systems. A local attacker could possibly use this issue to view or modify mod_jk configuration data in shared memory, resulting in sensitive information exposure or a denial of service.
Recommended actions per Ubuntu release
StackPatch playbook auto-generated per release codename and per affected package.
Ubuntu bionic
libapache-mod-jk→1:1.2.43-1ubuntu0.1~esm2apt_upgrade_esmFixed at 1:1.2.43-1ubuntu0.1~esm2 — ESM-only. Enable Ubuntu Pro (free for 5 personal machines) or treat as watch item.
sudo pro attach <token> sudo apt-get update sudo apt-get install --only-upgrade -y libapache-mod-jk=1:1.2.43-1ubuntu0.1~esm2
Sign up at https://ubuntu.com/pro. Free for personal + small-team use.
libapache-mod-jk-doc→1:1.2.43-1ubuntu0.1~esm2apt_upgrade_esmFixed at 1:1.2.43-1ubuntu0.1~esm2 — ESM-only. Enable Ubuntu Pro (free for 5 personal machines) or treat as watch item.
sudo pro attach <token> sudo apt-get update sudo apt-get install --only-upgrade -y libapache-mod-jk-doc=1:1.2.43-1ubuntu0.1~esm2
Sign up at https://ubuntu.com/pro. Free for personal + small-team use.
libapache2-mod-jk→1:1.2.43-1ubuntu0.1~esm2apt_upgrade_esmFixed at 1:1.2.43-1ubuntu0.1~esm2 — ESM-only. Enable Ubuntu Pro (free for 5 personal machines) or treat as watch item.
sudo pro attach <token> sudo apt-get update sudo apt-get install --only-upgrade -y libapache2-mod-jk=1:1.2.43-1ubuntu0.1~esm2
Sign up at https://ubuntu.com/pro. Free for personal + small-team use.
Ubuntu focal
libapache-mod-jk→1:1.2.46-1ubuntu0.1+esm1apt_upgradeStandard apt upgrade. Install 1:1.2.46-1ubuntu0.1+esm1 from the apt repo.
sudo apt-get update sudo apt-get install --only-upgrade -y libapache-mod-jk
Most apt upgrades restart their service automatically. needrestart lists anything else.
libapache2-mod-jk→1:1.2.46-1ubuntu0.1+esm1apt_upgradeStandard apt upgrade. Install 1:1.2.46-1ubuntu0.1+esm1 from the apt repo.
sudo apt-get update sudo apt-get install --only-upgrade -y libapache2-mod-jk
Most apt upgrades restart their service automatically. needrestart lists anything else.
Ubuntu jammy
libapache-mod-jk→1:1.2.48-1ubuntu0.1+esm1apt_upgradeStandard apt upgrade. Install 1:1.2.48-1ubuntu0.1+esm1 from the apt repo.
sudo apt-get update sudo apt-get install --only-upgrade -y libapache-mod-jk
Most apt upgrades restart their service automatically. needrestart lists anything else.
libapache2-mod-jk→1:1.2.48-1ubuntu0.1+esm1apt_upgradeStandard apt upgrade. Install 1:1.2.48-1ubuntu0.1+esm1 from the apt repo.
sudo apt-get update sudo apt-get install --only-upgrade -y libapache2-mod-jk
Most apt upgrades restart their service automatically. needrestart lists anything else.
Ubuntu noble
libapache-mod-jk→1:1.2.49-1ubuntu0.1~esm1apt_upgrade_esmFixed at 1:1.2.49-1ubuntu0.1~esm1 — ESM-only. Enable Ubuntu Pro (free for 5 personal machines) or treat as watch item.
sudo pro attach <token> sudo apt-get update sudo apt-get install --only-upgrade -y libapache-mod-jk=1:1.2.49-1ubuntu0.1~esm1
Sign up at https://ubuntu.com/pro. Free for personal + small-team use.
libapache-mod-jk-doc→1:1.2.49-1ubuntu0.1~esm1apt_upgrade_esmFixed at 1:1.2.49-1ubuntu0.1~esm1 — ESM-only. Enable Ubuntu Pro (free for 5 personal machines) or treat as watch item.
sudo pro attach <token> sudo apt-get update sudo apt-get install --only-upgrade -y libapache-mod-jk-doc=1:1.2.49-1ubuntu0.1~esm1
Sign up at https://ubuntu.com/pro. Free for personal + small-team use.
libapache2-mod-jk→1:1.2.49-1ubuntu0.1~esm1apt_upgrade_esmFixed at 1:1.2.49-1ubuntu0.1~esm1 — ESM-only. Enable Ubuntu Pro (free for 5 personal machines) or treat as watch item.
sudo pro attach <token> sudo apt-get update sudo apt-get install --only-upgrade -y libapache2-mod-jk=1:1.2.49-1ubuntu0.1~esm1
Sign up at https://ubuntu.com/pro. Free for personal + small-team use.
Ubuntu xenial
libapache-mod-jk→1:1.2.41-1ubuntu0.1~esm1apt_upgrade_esmFixed at 1:1.2.41-1ubuntu0.1~esm1 — ESM-only. Enable Ubuntu Pro (free for 5 personal machines) or treat as watch item.
sudo pro attach <token> sudo apt-get update sudo apt-get install --only-upgrade -y libapache-mod-jk=1:1.2.41-1ubuntu0.1~esm1
Sign up at https://ubuntu.com/pro. Free for personal + small-team use.
libapache-mod-jk-doc→1:1.2.41-1ubuntu0.1~esm1apt_upgrade_esmFixed at 1:1.2.41-1ubuntu0.1~esm1 — ESM-only. Enable Ubuntu Pro (free for 5 personal machines) or treat as watch item.
sudo pro attach <token> sudo apt-get update sudo apt-get install --only-upgrade -y libapache-mod-jk-doc=1:1.2.41-1ubuntu0.1~esm1
Sign up at https://ubuntu.com/pro. Free for personal + small-team use.
libapache2-mod-jk→1:1.2.41-1ubuntu0.1~esm1apt_upgrade_esmFixed at 1:1.2.41-1ubuntu0.1~esm1 — ESM-only. Enable Ubuntu Pro (free for 5 personal machines) or treat as watch item.
sudo pro attach <token> sudo apt-get update sudo apt-get install --only-upgrade -y libapache2-mod-jk=1:1.2.41-1ubuntu0.1~esm1
Sign up at https://ubuntu.com/pro. Free for personal + small-team use.
Are YOU affected by USN-8369-1?
5-second check on your actual server. Reads /etc/os-release, uname -r, and dpkg-query; matches against the live USN + Debian Security Tracker feeds; tells you whether USN-8369-1 (and any other live CVE) applies. Anonymous, no signup.
curl https://mindsparkstack.com/scan.sh | bash
StackPatch runs this match against YOUR installed packages every hour
Free 1-server / $99 lifetime founder seat (50 only) / $19+/mo monthly. Indie pricing.