Oval Definition:oval:org.opensuse.security:def:67154
Revision Date:2021-06-17Version:1
Title:Security update for jetty-minimal (Important)
Description:

This update for jetty-minimal fixes the following issues:

Update to version 9.4.42.v20210604

- Fix: bsc#1187117, CVE-2021-28169 - possible for requests to the ConcatServlet with a doubly encoded path to access protected resources within the WEB-INF directory - Fix: bsc#1184367, CVE-2021-28165 - jetty server high CPU when client send data length > 17408 - Fix: bsc#1184368, CVE-2021-28164 - Normalize ambiguous URIs - Fix: bsc#1184366, CVE-2021-28163 - Exclude webapps directory from deployment scan
Family:unixClass:patch
Status:Reference(s):1100369
1109160
1118367
1118368
1128220
1156205
1157051
1161168
1170667
1170713
1171313
1171740
1172958
1173307
1173311
1173983
1174321
1175443
1176092
1176674
1184366
1184367
1184368
1187117
906079
CVE-2017-3136
CVE-2018-5741
CVE-2019-6477
CVE-2020-15103
CVE-2020-8616
CVE-2020-8617
CVE-2020-8618
CVE-2020-8619
CVE-2020-8620
CVE-2020-8621
CVE-2020-8622
CVE-2020-8623
CVE-2020-8624
CVE-2021-28163
CVE-2021-28164
CVE-2021-28165
CVE-2021-28169
SUSE-SU-2020:2914-1
Platform(s):SUSE Linux Enterprise Module for Development Tools 15 SP2
SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 SP2
SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 SP3
Product(s):
Definition Synopsis
  • SUSE Linux Enterprise Module for Development Tools 15 SP2 is installed
  • AND sysuser-tools-2.0-4.2 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 SP2 is installed
  • AND Package Information
  • freerdp-2.1.2-15.10 is installed
  • OR freerdp-server-2.1.2-15.10 is installed
  • OR freerdp-wayland-2.1.2-15.10 is installed
  • OR libuwac0-0-2.1.2-15.10 is installed
  • OR uwac0-0-devel-2.1.2-15.10 is installed
    • BACK