openSUSE: 2023:4210-1 Important: Jetty-Minimal Denial Of Service Fix
opensuse
October 26, 2023
This update for jetty-minimal fixes the following issues: Updated to version 9.4.53.v20231009:
Description
This update for jetty-minimal fixes the following issues:
* Updated to version 9.4.53.v20231009:
* CVE-2023-44487: Fixed a potential denial of service scenario via RST frame
floods (bsc#1216169).
* CVE-2023-36478: Fixed an integer overflow in the HTTP/2 HPACK decoder
(bsc#1216162).
* CVE-2023-40167: Fixed a permissive HTTP header parsing issue that could
potentially lead to HTTP smuggling attacks (bsc#1215417).
* CVE-2023-36479: Fixed an incorrect command execution when sending requests
with certain characters in requested filenames (bsc#1215415).
* CVE-2023-41900: Fixed an issue where an invalidated session would be allowed
to perform a single request (bsc#1215416).
Patch
## Patch Instructions:
To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP3
zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-LTSS-2023-4210=1
* SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2
zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2023-4210=1
* SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3
zypper in -t patch SUSE-SLE-Product-SLES-15-SP3-LTSS-2023-4210=1
* SUSE Linux Enterprise Server for SAP Applications 15 SP2
zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2023-4210=1
* SUSE Linux Enterprise Server for SAP Applications 15 SP3
zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP3-2023-4210=1
* SUSE Enterprise Storage 7.1
zypper in -t patch SUSE-Storage-7.1-2023-4210=1
* openSUSE Leap 15.4
zypper in -t patch openSUSE-SLE-15.4-2023-4210=1
* openSUSE Leap 15.5
zypper in -t patch...
Read the Full AdvisoryPackage List
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (noarch)
* jetty-server-9.4.53-150200.3.22.1
* jetty-util-9.4.53-150200.3.22.1
* jetty-http-9.4.53-150200.3.22.1
* jetty-servlet-9.4.53-150200.3.22.1
* jetty-security-9.4.53-150200.3.22.1
* jetty-io-9.4.53-150200.3.22.1
* jetty-util-ajax-9.4.53-150200.3.22.1
* SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 (noarch)
* jetty-server-9.4.53-150200.3.22.1
* jetty-util-9.4.53-150200.3.22.1
* jetty-http-9.4.53-150200.3.22.1
* jetty-servlet-9.4.53-150200.3.22.1
* jetty-security-9.4.53-150200.3.22.1
* jetty-io-9.4.53-150200.3.22.1
* jetty-util-ajax-9.4.53-150200.3.22.1
* SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (noarch)
* jetty-server-9.4.53-150200.3.22.1
* jetty-util-9.4.53-150200.3.22.1
* jetty-http-9.4.53-150200.3.22.1
* jetty-servlet-9.4.53-150200.3.22.1
* jetty-security-9.4.53-150200.3.22.1
* jetty-io-9.4.53-150200.3.22.1
* jetty-util-ajax-9.4.53-150200.3.22.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP2 (noarch)
*...
Read the Full AdvisoryReferences
* bsc#1215415
* bsc#1215416
* bsc#1215417
* bsc#1216162
* bsc#1216169
## References:
* https://www.suse.com/security/cve/CVE-2023-36478.html
* https://www.suse.com/security/cve/CVE-2023-36479.html
* https://www.suse.com/security/cve/CVE-2023-40167.html
* https://www.suse.com/security/cve/CVE-2023-41900.html
* https://www.suse.com/security/cve/CVE-2023-44487.html
* https://bugzilla.suse.com/show_bug.cgi?id=1215415
* https://bugzilla.suse.com/show_bug.cgi?id=1215416
* https://bugzilla.suse.com/show_bug.cgi?id=1215417
* https://bugzilla.suse.com/show_bug.cgi?id=1216162
* https://bugzilla.suse.com/show_bug.cgi?id=1216169
PREVIOUS
NEXT
Severity
important
Lowest
Low
Medium
High
Critical
Announcement ID: SUSE-SU-2023:4210-1
Rating: important
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!