Bug 532675 (CVE-2009-4611)
| Summary: | CVE-2009-4611 jetty: escape sequence injection to stack traces |
|---|---|
| Product: | [Other] Security Response |
| Component: | vulnerability |
| Status: | CLOSED ERRATA |
| Severity: | medium |
| Priority: | medium |
| Version: | unspecified |
| Hardware: | All |
| OS: | Linux |
| Reporter: | Tomas Hoger <thoger> |
| Assignee: | Red Hat Product Security <security-response-team> |
| CC: | bressers, jjohnstn, kreilly, overholt, vdanen |
| Keywords: | Security |
| Doc Type: | Bug Fix |
| Last Closed: | 2010-11-05 17:20:49 UTC |
| Bug Depends On: | 532733, 556593 |

Description
Tomas Hoger
2009-11-03 13:03:03 UTC
Created attachment 367294
Local copy of the advisory

Downloaded on 2009-11-03 from:
http://www.ush.it/team/ush/hack-jetty6x7x/jetty-adv.txt

It's not clear if 5.x versions may be affected by some variant of this problem.

Upstream patches listed above applied to Fedora 12 and rawhide.

This is fixed in upstream 6.1.22 and patched in Fedora 13:

* Tue Nov 03 2009 Jeff Johnston 6.1.21-3
- Security issues
- Resolves #532675, #5326565

and 6.1.20-5 on Fedora 12.