Advisories » MGASA-2017-0277

Updated jetty packages fix security vulnerability

Publication date: 18 Aug 2017
Modification date: 18 Aug 2017
Type: security
Affected Mageia releases : 6
CVE: CVE-2017-9735

Description

Jetty is prone to a timing channel attack in util/security/Password.java, which
makes it easier for remote attackers to obtain access by observing elapsed times
before rejection of incorrect passwords (CVE-2017-9735).
                

References

• https://bugs.mageia.org/show_bug.cgi?id=21202
• https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/QULQK5DU63QRYEWLVC6QZWASFQFSPFMD/
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9735

SRPMS

6/core

• jetty-9.4.6-1.v20170531.1.1.mga6
• jetty-alpn-8.1.11-3.v20170118.1.mga6
• jetty-test-helper-3.1-4.mga6