Oval Definition:oval:org.opensuse.security:def:65644
Revision Date:2021-06-17Version:1
Title:Security update for jetty-minimal (Important)
Description:

This update for jetty-minimal fixes the following issues:

Update to version 9.4.42.v20210604

- Fix: bsc#1187117, CVE-2021-28169 - possible for requests to the ConcatServlet with a doubly encoded path to access protected resources within the WEB-INF directory - Fix: bsc#1184367, CVE-2021-28165 - jetty server high CPU when client send data length > 17408 - Fix: bsc#1184368, CVE-2021-28164 - Normalize ambiguous URIs - Fix: bsc#1184366, CVE-2021-28163 - Exclude webapps directory from deployment scan
Family:unixClass:patch
Status:Reference(s):1151612
1158257
1169134
1170487
1174543
1174591
1175061
1175240
1175781
1177843
1184366
1184367
1184368
1187117
CVE-2020-25660
CVE-2021-28163
CVE-2021-28164
CVE-2021-28165
CVE-2021-28169
SUSE-SU-2021:2005-1
Platform(s):SUSE Linux Enterprise Desktop 15 SP3
SUSE Linux Enterprise High Performance Computing 15 SP3
SUSE Linux Enterprise Module for Development Tools 15 SP3
SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 SP1
SUSE Linux Enterprise Server 15 SP3
SUSE Linux Enterprise Server for SAP Applications 15 SP3
SUSE Manager Proxy 4.2
SUSE Manager Server 4.2
Product(s):
Definition Synopsis
  • SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 SP1 is installed
  • AND Package Information
  • dfu-tool-1.0.9-6.5 is installed
  • OR fwupd-1.0.9-6.5 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Module for Development Tools 15 SP3 is installed
  • AND Package Information
  • jetty-http-9.4.42-3.9.1 is installed
  • OR jetty-io-9.4.42-3.9.1 is installed
  • OR jetty-security-9.4.42-3.9.1 is installed
  • OR jetty-server-9.4.42-3.9.1 is installed
  • OR jetty-servlet-9.4.42-3.9.1 is installed
  • OR jetty-util-9.4.42-3.9.1 is installed
  • OR jetty-util-ajax-9.4.42-3.9.1 is installed
    • BACK