Description
Security update for jetty-minimal
This update for jetty-minimal fixes the following issues:
- Update to version 9.4.43.v20210629
- CVE-2021-34429: URIs can be crafted using some encoded characters to access the content of the WEB-INF directory and/or bypass some security constraints. (bsc#1188438)
Package list
openSUSE Leap 15.3
jetty-annotations-9.4.43-3.12.2
jetty-client-9.4.43-3.12.2
jetty-continuation-9.4.43-3.12.2
jetty-http-9.4.43-3.12.2
jetty-io-9.4.43-3.12.2
jetty-jaas-9.4.43-3.12.2
jetty-javax-websocket-client-impl-9.4.43-3.12.2
jetty-javax-websocket-server-impl-9.4.43-3.12.2
jetty-jmx-9.4.43-3.12.2
jetty-jndi-9.4.43-3.12.2
jetty-jsp-9.4.43-3.12.2
jetty-minimal-javadoc-9.4.43-3.12.2
jetty-openid-9.4.43-3.12.2
jetty-plus-9.4.43-3.12.2
jetty-proxy-9.4.43-3.12.2
jetty-security-9.4.43-3.12.2
jetty-server-9.4.43-3.12.2
jetty-servlet-9.4.43-3.12.2
jetty-util-9.4.43-3.12.2
jetty-util-ajax-9.4.43-3.12.2
jetty-webapp-9.4.43-3.12.2
jetty-websocket-api-9.4.43-3.12.2
jetty-websocket-client-9.4.43-3.12.2
jetty-websocket-common-9.4.43-3.12.2
jetty-websocket-javadoc-9.4.43-3.12.2
jetty-websocket-server-9.4.43-3.12.2
jetty-websocket-servlet-9.4.43-3.12.2
jetty-xml-9.4.43-3.12.2
References
- E-Mail link for openSUSE-SU-2021:2838-1
- SUSE Security Ratings
- SUSE Bug 1188438
- SUSE CVE CVE-2021-34429 page
Description
For Eclipse Jetty versions 9.4.37-9.4.42, 10.0.1-10.0.5 & 11.0.1-11.0.5, URIs can be crafted using some encoded characters to access the content of the WEB-INF directory and/or bypass some security constraints. This is a variation of the vulnerability reported in CVE-2021-28164/GHSA-v7ff-8wcx-gmc5.
Affected products
openSUSE Leap 15.3:jetty-annotations-9.4.43-3.12.2
openSUSE Leap 15.3:jetty-client-9.4.43-3.12.2
openSUSE Leap 15.3:jetty-continuation-9.4.43-3.12.2
openSUSE Leap 15.3:jetty-http-9.4.43-3.12.2
References
- CVE-2021-34429
- SUSE Bug 1188438