Updated jetty packages fix security vulnerability
Publication date: 18 Aug 2017Modification date: 18 Aug 2017
Type: security
Affected Mageia releases : 6
CVE: CVE-2017-9735
Description
Jetty is prone to a timing channel attack in util/security/Password.java, which makes it easier for remote attackers to obtain access by observing elapsed times before rejection of incorrect passwords (CVE-2017-9735).
References
SRPMS
6/core
- jetty-9.4.6-1.v20170531.1.1.mga6
- jetty-alpn-8.1.11-3.v20170118.1.mga6
- jetty-test-helper-3.1-4.mga6