Alerts This Week: 1 664

Stay Secure with the Latest Linux Advisories



Explore Latest Linux Security advisories


Debian LTS DLA-4106-1: jetty9 security issues for denial of service

-------------------------------------------------------------------------
Debian LTS Advisory DLA-4106-1
https://www.debian.org/lts/security/                     Markus Koschany
April 02, 2025                                https://wiki.debian.org/LTS
-------------------------------------------------------------------------

Package        : jetty9
Version        : 9.4.57-0+deb11u1
CVE ID         : CVE-2024-6762 CVE-2024-8184 CVE-2024-9823
Debian Bug     : 1085697

Jetty 9 is a Java based web server and servlet engine. Several security vulnerabilities have been discovered which may allow remote attackers to cause a denial of service by repeatedly sending crafted requests which can trigger OutOfMemory errors and exhaust the server's memory.

CVE-2024-6762: In addition PushSessionCacheFilter and PushCacheFilter have been deprecated. These classes should no longer be used in a production environment.

For Debian 11 bullseye, these problems have been fixed in version 9.4.57-0+deb11u1.

We recommend that you upgrade your jetty9 packages.

For the detailed security status of jetty9 please refer to its security tracker page at:
https://security-tracker.debian.org/tracker/source-package/jetty9

Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: https://wiki.debian.org/LTS

Published: Apr 01, 2025 | Severity: Critical | Debian LTS

Debian 10: DLA-3781-1 High Tomcat8 Denial Of Service Vulnerability

-------------------------------------------------------------------------
Debian LTS Advisory DLA-3780-1
https://www.debian.org/lts/security/                     Markus Koschany
April 06, 2024                                https://wiki.debian.org/LTS
-------------------------------------------------------------------------

Package        : jetty9
Version        : 9.4.50-4+deb10u2
CVE ID         : CVE-2024-22201
Debian Bug     : 1064923

Jetty 9 is a Java based web server and servlet engine. It was discovered that remote attackers may leave many HTTP/2 connections in ESTABLISHED state (not closed), TCP congested and idle. Eventually the server will stop accepting new connections from valid clients which can cause a denial of service.

For Debian 10 buster, this problem has been fixed in version 9.4.50-4+deb10u2.

We recommend that you upgrade your jetty9 packages.

For the detailed security status of jetty9 please refer to its security tracker page at:
https://security-tracker.debian.org/tracker/source-package/jetty9

Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: https://wiki.debian.org/LTS

Published: Apr 06, 2024 | Debian LTS

Fedora 40 High Severity: Jetty Update for CVE-2024-1938 and 1939

--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2024-129d8ca6fc
2024-03-07 22:24:39.963937
--------------------------------------------------------------------------------

Name        : jetty
Product     : Fedora 40
Version     : 9.4.40
Release     : 11.fc40
URL         : https://jetty.org/
Summary     : Java Webserver and Servlet Container
Description :
Jetty is a 100% Java HTTP Server and Servlet Container. This means that you do not need to configure and run a separate web server (like Apache) in order to use Java, servlets and JSPs to generate dynamic content. Jetty is a fully featured web server for static and dynamic content. Unlike separate server/container solutions, this means that your web server and web application run in the same process, without interconnection overheads and complications. Furthermore, as a pure java component, Jetty can be simply included in your application for demonstration, distribution or deployment. Jetty is available on all Java supported platforms.
--------------------------------------------------------------------------------
Update Information:

Change for system JDK from 17 to 21.
upstream security release 122.0.6261.94
  High CVE-2024-1938: Type Confusion in V8
  High CVE-2024-1939: Type Confusion in V8
fixed bug with requires
Automatic update for lucene-9.9.2-1.fc40.
bump java source/target to 1.8, fixes 2266639
--------------------------------------------------------------------------------
ChangeLog:

* Sat Mar 2 2024 Jiri Vanek - 9.4.40-11
- Rebuilt for java-21-openjdk as system jdk
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2123726 - consoleImageViewer crashes at start
      https://bugzilla.redhat.com/show_bug.cgi?id=2123726
[ 2 ] Bug #2261062 - directory-maven-plugin: FTBFS in Fedora rawhide/f40
      https://bugzilla.redhat.com/show_bug.cgi?id=2261062
[ 3 ] Bug #2266639 - directory-maven-plugin fails to build with java-21-openjdk
      https://bugzilla.redhat.com/show_bug.cgi?id=2266639
[ 4 ] Bug #2266934 - CVE-2024-1938 chromium: type confusion [fedora-all]
      https://bugzilla.redhat.com/show_bug.cgi?id=2266934
[ 5 ] Bug #2266937 - CVE-2024-1939 chromium: type confusion [fedora-all]
      https://bugzilla.redhat.com/show_bug.cgi?id=2266937
[ 6 ] Bug #2267486 - Include Java 21 as system Java Change in Fedora 40 Beta
      https://bugzilla.redhat.com/show_bug.cgi?id=2267486
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2024-129d8ca6fc' at the command line.
For more information, refer to the dnf documentation available at
https://dnf.readthedocs.io/en/latest/command_ref.html

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/security/
--------------------------------------------------------------------------------

Published: Mar 07, 2024 | Fedora

Debian: DSA-5541-1 Critical: Jetty 9 Vulnerability Mitigation

-------------------------------------------------------------------------
Debian Security Advisory DSA-5540-1
https://www.debian.org/security/                         Markus Koschany
October 30, 2023                      https://www.debian.org/security/faq
-------------------------------------------------------------------------

Package        : jetty9
CVE ID         : CVE-2023-36478 CVE-2023-44487

Two remotely exploitable security vulnerabilities were discovered in Jetty 9, a Java based web server and servlet engine. The HTTP/2 protocol implementation did not sufficiently verify if HPACK header values exceed their size limit. Furthermore the HTTP/2 protocol allowed a denial of service (server resource consumption) because request cancellation can reset many streams quickly. This problem is also known as Rapid Reset Attack.

For the oldstable distribution (bullseye), these problems have been fixed in version 9.4.50-4+deb11u1.

For the stable distribution (bookworm), these problems have been fixed in version 9.4.50-4+deb12u2.

We recommend that you upgrade your jetty9 packages.

For the detailed security status of jetty9 please refer to its security tracker page at:
https://security-tracker.debian.org/tracker/source-package/jetty9

Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/

Published: Oct 30, 2023 | Severity: Critical | Debian

Debian 9.4.50-4: DSA-5507-1 Moderate: Jetty9 Cookie Parsing Flaw

-------------------------------------------------------------------------
Debian Security Advisory DSA-5507-1
https://www.debian.org/security/                         Markus Koschany
September 28, 2023                    https://www.debian.org/security/faq
-------------------------------------------------------------------------

Package        : jetty9
CVE ID         : CVE-2023-26048 CVE-2023-26049 CVE-2023-36479 CVE-2023-40167 CVE-2023-41900

Multiple security vulnerabilities were found in Jetty, a Java based web server and servlet engine.

The org.eclipse.jetty.servlets.CGI class has been deprecated. It is potentially unsafe to use it. The upstream developers of Jetty recommend to use Fast CGI instead. See also CVE-2023-36479.

CVE-2023-26048

    In affected versions servlets with multipart support (e.g. annotated with `@MultipartConfig`) that call `HttpServletRequest.getParameter()` or `HttpServletRequest.getParts()` may cause `OutOfMemoryError` when the client sends a multipart request with a part that has a name but no filename and very large content. This happens even with the default settings of `fileSizeThreshold=0` which should stream the whole part content to disk.

CVE-2023-26049

    Nonstandard cookie parsing in Jetty may allow an attacker to smuggle cookies within other cookies, or otherwise perform unintended behavior by tampering with the cookie parsing mechanism.

CVE-2023-40167

    Prior to this version Jetty accepted the `+` character preceding the content-length value in a HTTP/1 header field. This is more permissive than allowed by the RFC and other servers routinely reject such requests with 400 responses. There is no known exploit scenario, but it is conceivable that request smuggling could result if jetty is used in combination with a server that does not close the connection after sending such a 400 response.

CVE-2023-36479

    Users of the CgiServlet with a very specific command structure may have the wrong command executed. If a user sends a request to a org.eclipse.jetty.servlets.CGI Servlet for a binary with a space in its name, the servlet will escape the command by wrapping it in quotation marks. This wrapped command, plus an optional command prefix, will then be executed through a call to Runtime.exec. If the original binary name provided by the user contains a quotation mark followed by a space, the resulting command line will contain multiple tokens instead of one.

CVE-2023-41900

    Jetty is vulnerable to weak authentication. If a Jetty `OpenIdAuthenticator` uses the optional nested `LoginService`, and that `LoginService` decides to revoke an already authenticated user, then the current request will still treat the user as authenticated. The authentication is then cleared from the session and subsequent requests will not be treated as authenticated. So a request on a previously authenticated session could be allowed to bypass authentication after it had been rejected by the `LoginService`. This impacts usages of the jetty-openid which have configured a nested `LoginService` and where that `LoginService` is capable of rejecting previously authenticated users.

For the oldstable distribution (bullseye), these problems have been fixed in version 9.4.39-3+deb11u2.

For the stable distribution (bookworm), these problems have been fixed in version 9.4.50-4+deb12u1.

We recommend that you upgrade your jetty9 packages.

For the detailed security status of jetty9 please refer to its security tracker page at:
https://security-tracker.debian.org/tracker/source-package/jetty9

Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/

Published: Sep 28, 2023 | Debian

Debian: DLA-3079-1 critical: Jetty HTTP Issues and Service Interruptions

-------------------------------------------------------------------------
Debian LTS Advisory DLA-3079-1
https://www.debian.org/lts/security/                     Markus Koschany
August 22, 2022                               https://wiki.debian.org/LTS
-------------------------------------------------------------------------

Package        : jetty9
Version        : 9.4.16-0+deb10u2
CVE ID         : CVE-2022-2047 CVE-2022-2048

Two security vulnerabilities were discovered in Jetty, a Java servlet engine and webserver.

CVE-2022-2047

    In Eclipse Jetty the parsing of the authority segment of an http scheme URI, the Jetty HttpURI class improperly detects an invalid input as a hostname. This can lead to failures in a Proxy scenario.

CVE-2022-2048

    In Eclipse Jetty HTTP/2 server implementation, when encountering an invalid HTTP/2 request, the error handling has a bug that can wind up not properly cleaning up the active connections and associated resources. This can lead to a Denial of Service scenario where there are not enough resources left to process good requests.

For Debian 10 buster, these problems have been fixed in version 9.4.16-0+deb10u2.

We recommend that you upgrade your jetty9 packages.

For the detailed security status of jetty9 please refer to its security tracker page at:
https://security-tracker.debian.org/tracker/source-package/jetty9

Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: https://wiki.debian.org/LTS

Published: Aug 21, 2022 | Severity: Critical | Debian LTS

Debian: DSA-5198-1 Moderate: Jetty9 Denial of Service Vulnerabilities

-------------------------------------------------------------------------
Debian Security Advisory DSA-5198-1
https://www.debian.org/security/                         Markus Koschany
August 02, 2022                       https://www.debian.org/security/faq
-------------------------------------------------------------------------

Package        : jetty9
CVE ID         : CVE-2022-2047 CVE-2022-2048

Two security vulnerabilities were discovered in Jetty, a Java servlet engine and webserver.

CVE-2022-2047

    In Eclipse Jetty the parsing of the authority segment of an http scheme URI, the Jetty HttpURI class improperly detects an invalid input as a hostname. This can lead to failures in a Proxy scenario.

CVE-2022-2048

    In Eclipse Jetty HTTP/2 server implementation, when encountering an invalid HTTP/2 request, the error handling has a bug that can wind up not properly cleaning up the active connections and associated resources. This can lead to a Denial of Service scenario where there are not enough resources left to process good requests.

For the stable distribution (bullseye), these problems have been fixed in version 9.4.39-3+deb11u1.

We recommend that you upgrade your jetty9 packages.

For the detailed security status of jetty9 please refer to its security tracker page at:
https://security-tracker.debian.org/tracker/source-package/jetty9

Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/

Published: Aug 02, 2022 | Debian

Debian DSA-4949-1 Critical Alert: Multiple Jetty Vulnerabilities

-------------------------------------------------------------------------
Debian Security Advisory DSA-4949-1
https://www.debian.org/security/                      Moritz Muehlenhoff
August 04, 2021                       https://www.debian.org/security/faq
-------------------------------------------------------------------------

Package        : jetty9
CVE ID         : CVE-2019-10241 CVE-2019-10247 CVE-2020-27216 CVE-2020-27223 CVE-2020-28165 CVE-2020-28169 CVE-2021-34428

Multiple vulnerabilities were discovered in Jetty, a Java servlet engine and webserver which could result in cross-site scripting, information disclosure, privilege escalation or denial of service.

For the stable distribution (buster), these problems have been fixed in version 9.4.16-0+deb10u1.

We recommend that you upgrade your jetty9 packages.

For the detailed security status of jetty9 please refer to its security tracker page at:
https://security-tracker.debian.org/tracker/source-package/jetty9

Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/

Published: Aug 04, 2021 | Severity: Critical | Debian