LWN.net Logo

Not logged in

Log in now

Create an account

Subscribe to LWN

Recent Features

LWN.net Weekly Edition for May 16, 2013

A look at the PyPy 2.0 release

PostgreSQL 9.3 beta: Federated databases and more

LWN.net Weekly Edition for May 9, 2013

(Nearly) full tickless operation in 3.10

Printable page
Weekly edition Kernel Security Distributions Contact Us Search
Archives Calendar Subscribe Write for LWN LWN.net FAQ Sponsors

Fedora alert FEDORA-2012-0752 (jetty)



From:
    	      updates@fedoraproject.org 


To:
    	      package-announce@lists.fedoraproject.org 


Subject:
    	      [SECURITY] Fedora 15 Update: jetty-6.1.26-7.fc15 


Date:
    	      Sat, 24 Mar 2012 00:34:42 +0000


Message-ID:
    	      <20120324003442.6555420CE1@bastion01.phx2.fedoraproject.org>


Archive-link:
    	      Article, Thread
              


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2012-0752
2012-01-21 21:12:04
--------------------------------------------------------------------------------

Name        : jetty
Product     : Fedora 15
Version     : 6.1.26
Release     : 7.fc15
URL         : http://jetty.mortbay.org/jetty/
Summary     : The Jetty Webserver and Servlet Container
Description :
Jetty is a 100% Java HTTP Server and Servlet Container.
This means that you do not need to configure and run a
separate web server (like Apache) in order to use java,
servlets and JSPs to generate dynamic content. Jetty is
a fully featured web server for static and dynamic content.
Unlike separate server/container solutions, this means
that your web server and web application run in the same
process, without interconnection overheads and complications.
Furthermore, as a pure java component, Jetty can be simply
included in your application for demonstration, distribution
or deployment. Jetty is available on all Java supported
platforms.

--------------------------------------------------------------------------------
Update Information:

Back-port of upstream jetty patches for CVE-2011-4461, hash DOS.
--------------------------------------------------------------------------------
ChangeLog:

* Mon Jan 16 2012 Jeff Johnston <jjohnstn@redhat.com> - 6.1.26-7
- Resolves CVE-2011-4461
- Add tomcat6-lib and fix jsp-2.0 pom.xml file
* Wed Feb  9 2011 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 6.1.26-6
- Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuild
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #781678 - CVE-2011-4461 jetty: hash table collisions CPU usage DoS (oCERT-2011-003)
[fedora-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=781678
--------------------------------------------------------------------------------

This update can be installed with the "yum" update program.  Use 
su -c 'yum update jetty' at the command line.
For more information, refer to "Managing Software with yum",
available at http://docs.fedoraproject.org/yum/.

All packages are signed with the Fedora Project GPG key.  More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
_______________________________________________
package-announce mailing list
package-announce@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/package-...
(Log in to post comments)

Copyright © 2013, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds