Description
Security update for jetty-minimal
This update for jetty-minimal fixes the following issues:
- Update to version 9.4.43.v20210629
- CVE-2021-34429: URIs can be crafted using some encoded characters to access the content of the WEB-INF directory and/or bypass some security constraints. (bsc#1188438)
Package list
SUSE Linux Enterprise Module for Development Tools 15 SP2
jetty-http-9.4.43-3.12.2
jetty-io-9.4.43-3.12.2
jetty-security-9.4.43-3.12.2
jetty-server-9.4.43-3.12.2
jetty-servlet-9.4.43-3.12.2
jetty-util-9.4.43-3.12.2
jetty-util-ajax-9.4.43-3.12.2
SUSE Linux Enterprise Module for Development Tools 15 SP3
jetty-http-9.4.43-3.12.2
jetty-io-9.4.43-3.12.2
jetty-security-9.4.43-3.12.2
jetty-server-9.4.43-3.12.2
jetty-servlet-9.4.43-3.12.2
jetty-util-9.4.43-3.12.2
jetty-util-ajax-9.4.43-3.12.2
References
- Link for SUSE-SU-2021:2838-1
- E-Mail link for SUSE-SU-2021:2838-1
- SUSE Security Ratings
- SUSE Bug 1188438
- SUSE CVE CVE-2021-34429 page
Description
For Eclipse Jetty versions 9.4.37-9.4.42, 10.0.1-10.0.5 & 11.0.1-11.0.5, URIs can be crafted using some encoded characters to access the content of the WEB-INF directory and/or bypass some security constraints. This is a variation of the vulnerability reported in CVE-2021-28164/GHSA-v7ff-8wcx-gmc5.
Affected products
SUSE Linux Enterprise Module for Development Tools 15 SP2:jetty-http-9.4.43-3.12.2
SUSE Linux Enterprise Module for Development Tools 15 SP2:jetty-io-9.4.43-3.12.2
SUSE Linux Enterprise Module for Development Tools 15 SP2:jetty-security-9.4.43-3.12.2
SUSE Linux Enterprise Module for Development Tools 15 SP2:jetty-server-9.4.43-3.12.2
References
- CVE-2021-34429
- SUSE Bug 1188438