Oval Definition:	oval:org.opensuse.security:def:65574
Revision Date: 2021-06-17 Version: 1 Title: Security update for jetty-minimal (Important) Description: This update for jetty-minimal fixes the following issues: Update to version 9.4.42.v20210604 - Fix: bsc#1187117, CVE-2021-28169 - possible for requests to the ConcatServlet with a doubly encoded path to access protected resources within the WEB-INF directory - Fix: bsc#1184367, CVE-2021-28165 - jetty server high CPU when client send data length > 17408 - Fix: bsc#1184368, CVE-2021-28164 - Normalize ambiguous URIs - Fix: bsc#1184366, CVE-2021-28163 - Exclude webapps directory from deployment scan Family: unix Class: patch Status: Reference(s): 1092115 1164903 1169832 1170826 1172868 1174153 1174191 1174977 1184366 1184367 1184368 1187117 CVE-2018-9154 CVE-2020-14039 CVE-2020-15586 CVE-2020-16845 CVE-2021-28163 CVE-2021-28164 CVE-2021-28165 CVE-2021-28169 SUSE-SU-2021:2005-1 Platform(s): SUSE Linux Enterprise Desktop 15 SP2 SUSE Linux Enterprise High Performance Computing 15 SP2 SUSE Linux Enterprise Module for Development Tools 15 SP2 SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 SP1 SUSE Linux Enterprise Server 15 SP2 SUSE Linux Enterprise Server for SAP Applications 15 SP2 SUSE Linux Enterprise Storage 7 SUSE Manager Proxy 4.1 SUSE Manager Server 4.1 Product(s): Definition Synopsis SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 SP1 is installed AND Package Information jasper-2.0.14-3.11 is installed OR libjasper4-32bit-2.0.14-3.11 is installed Definition Synopsis SUSE Linux Enterprise Module for Development Tools 15 SP2 is installed AND Package Information jetty-http-9.4.42-3.9.1 is installed OR jetty-io-9.4.42-3.9.1 is installed OR jetty-security-9.4.42-3.9.1 is installed OR jetty-server-9.4.42-3.9.1 is installed OR jetty-servlet-9.4.42-3.9.1 is installed OR jetty-util-9.4.42-3.9.1 is installed OR jetty-util-ajax-9.4.42-3.9.1 is installed
BACK