MGASA-2017-0277

See a problem?
Please try reporting it to the source first.

Source

https://advisories.mageia.org/MGASA-2017-0277.html

Import Source

https://advisories.mageia.org/MGASA-2017-0277.json

JSON Data

https://api.test.osv.dev/v1/vulns/MGASA-2017-0277

Related

CVE-2017-9735

Published

2017-08-18T17:06:49Z

Modified

2017-08-18T16:48:29Z

Summary

Updated jetty packages fix security vulnerability

Details

Jetty is prone to a timing channel attack in util/security/Password.java, which makes it easier for remote attackers to obtain access by observing elapsed times before rejection of incorrect passwords (CVE-2017-9735).

References

Credits

- Mageia - COORDINATOR
- - https://wiki.mageia.org/en/Packages_Security_Team

Affected packages

Mageia:6 / jetty

Package

Name: jetty
Purl: pkg:rpm/mageia/jetty?distro=mageia-6

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

9.4.6-1.v20170531.1.1.mga6

Ecosystem specific

{
    "section": "core"
}

Mageia:6 / jetty-alpn

Package

Name: jetty-alpn
Purl: pkg:rpm/mageia/jetty-alpn?distro=mageia-6

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

8.1.11-3.v20170118.1.mga6

Ecosystem specific

{
    "section": "core"
}

Mageia:6 / jetty-test-helper

Package

Name: jetty-test-helper
Purl: pkg:rpm/mageia/jetty-test-helper?distro=mageia-6

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

3.1-4.mga6

Ecosystem specific

{
    "section": "core"
}