Oval Definition:oval:org.opensuse.security:def:74642
Revision Date:2021-06-17Version:1
Title:Security update for jetty-minimal (Important)
Description:

This update for jetty-minimal fixes the following issues:

Update to version 9.4.42.v20210604

- Fix: bsc#1187117, CVE-2021-28169 - possible for requests to the ConcatServlet with a doubly encoded path to access protected resources within the WEB-INF directory - Fix: bsc#1184367, CVE-2021-28165 - jetty server high CPU when client send data length > 17408 - Fix: bsc#1184368, CVE-2021-28164 - Normalize ambiguous URIs - Fix: bsc#1184366, CVE-2021-28163 - Exclude webapps directory from deployment scan
Family:unixClass:patch
Status:Reference(s):1159530
1165715
1176756
1177872
1184366
1184367
1184368
1187117
CVE-2019-10214
CVE-2020-15683
CVE-2020-15969
CVE-2021-28163
CVE-2021-28164
CVE-2021-28165
CVE-2021-28169
openSUSE-SU-2020:0377-1
openSUSE-SU-2020:1732-1
SUSE-SU-2021:2005-1
Platform(s):openSUSE Leap 15.1
SUSE Linux Enterprise Desktop 15 SP2
SUSE Linux Enterprise High Performance Computing 15 SP2
SUSE Linux Enterprise Module for Development Tools 15 SP2
SUSE Linux Enterprise Server 15 SP2
SUSE Linux Enterprise Server for SAP Applications 15 SP2
SUSE Linux Enterprise Storage 7
SUSE Manager Proxy 4.1
SUSE Manager Server 4.1
Product(s):
Definition Synopsis
  • openSUSE Leap 15.1 is installed
  • AND Package Information
  • MozillaFirefox-78.4.0-lp151.2.73 is installed
  • OR MozillaFirefox-branding-upstream-78.4.0-lp151.2.73 is installed
  • OR MozillaFirefox-buildsymbols-78.4.0-lp151.2.73 is installed
  • OR MozillaFirefox-devel-78.4.0-lp151.2.73 is installed
  • OR MozillaFirefox-translations-common-78.4.0-lp151.2.73 is installed
  • OR MozillaFirefox-translations-other-78.4.0-lp151.2.73 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Module for Development Tools 15 SP2 is installed
  • AND Package Information
  • jetty-http-9.4.42-3.9.1 is installed
  • OR jetty-io-9.4.42-3.9.1 is installed
  • OR jetty-security-9.4.42-3.9.1 is installed
  • OR jetty-server-9.4.42-3.9.1 is installed
  • OR jetty-servlet-9.4.42-3.9.1 is installed
  • OR jetty-util-9.4.42-3.9.1 is installed
  • OR jetty-util-ajax-9.4.42-3.9.1 is installed
    • BACK