From Mageia wiki

MGASA-2013-0002

Date: January 5th, 2013
Affected releases: 2


Description:
Updated jetty packages fix a security vulnerability:

Jetty 8.1.0.RC2 and earlier computes hash values for form parameters
without restricting the ability to trigger hash collisions predictably,
which allows remote attackers to cause a denial of service (CPU
consumption) by sending many crafted parameters (CVE-2011-4461).


Updated Packages:
jetty-6.1.26-14.1.mga2
jetty-javadoc-6.1.26-14.1.mga2
jetty-manual-6.1.26-14.1.mga2
jetty-maven-plugins-6.1.26-14.1.mga2


References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-4461
http://lists.fedoraproject.org/pipermail/package-announce/2012-March/076411.html
https://bugs.mageia.org/show_bug.cgi?id=8465