
SUSE 15 SP4: SUSE-SU-2023:4210-1 Important Jetty-Minimal Issues

October 26, 2023
Important security patch for jetty-minimal mitigates various vulnerabilities. Detailed update steps provided for impacted versions.
* bsc#1215415 * bsc#1215416 * bsc#1215417 * bsc#1216162 * bsc#1216169

Summary

## This update for jetty-minimal fixes the following issues:

* Updated to version 9.4.53.v20231009:
  * CVE-2023-44487: Fixed a potential denial of service scenario via RST frame floods (bsc#1216169).
  * CVE-2023-36478: Fixed an integer overflow in the HTTP/2 HPACK decoder (bsc#1216162).
  * CVE-2023-40167: Fixed a permissive HTTP header parsing issue that could potentially lead to HTTP smuggling attacks (bsc#1215417).
  * CVE-2023-36479: Fixed an incorrect command execution when sending requests with certain characters in requested filenames (bsc#1215415).
  * CVE-2023-41900: Fixed an issue where an invalidated session would be allowed to perform a single request (bsc#1215416).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like

References

* bsc#1215415

* bsc#1215416

* bsc#1215417

* bsc#1216162

* bsc#1216169

Cross-

* CVE-2023-36478

* CVE-2023-36479

* CVE-2023-40167

* CVE-2023-41900

* CVE-2023-44487

CVSS scores:

* CVE-2023-36478 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

* CVE-2023-36478 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

* CVE-2023-36479 ( SUSE ): 3.5 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:N/I:L/A:N

* CVE-2023-36479 ( NVD ): 3.5 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:N/I:L/A:N

* CVE-2023-40167 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

* CVE-2023-40167 ( NVD ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

* CVE-2023-41900 ( SUSE ): 3.5 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:N/A:N

* CVE-2023-41900 ( NVD ): 3.5 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:N/A:N

Severity
important

Announcement ID: SUSE-SU-2023:4210-1
Rating: important
