Jetty is prone to a timing channel attack in util/security/Password.java, which makes it easier for remote attackers to obtain access by observing elapsed times before rejection of incorrect passwords (CVE-2017-9735).
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
Mageia | 6 | noarch | jetty | < 9.4.6-1.v20170531.1.1 | jetty-9.4.6-1.v20170531.1.1.mga6 |
Mageia | 6 | noarch | jetty-alpn | < 8.1.11-3.v20170118.1 | jetty-alpn-8.1.11-3.v20170118.1.mga6 |
Mageia | 6 | noarch | jetty-test-helper | < 3.1-4 | jetty-test-helper-3.1-4.mga6 |