Описание
Security update for jetty-minimal
This update for jetty-minimal fixes the following issues:
- CVE-2024-22201: Fixed denial-of-service via HTTP/2 connection leak (bsc#1220437).
Список пакетов
SUSE Enterprise Storage 7.1
jetty-http-9.4.54-150200.3.25.1
jetty-io-9.4.54-150200.3.25.1
jetty-security-9.4.54-150200.3.25.1
jetty-server-9.4.54-150200.3.25.1
jetty-servlet-9.4.54-150200.3.25.1
jetty-util-9.4.54-150200.3.25.1
jetty-util-ajax-9.4.54-150200.3.25.1
SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS
jetty-http-9.4.54-150200.3.25.1
jetty-io-9.4.54-150200.3.25.1
jetty-security-9.4.54-150200.3.25.1
jetty-server-9.4.54-150200.3.25.1
jetty-servlet-9.4.54-150200.3.25.1
jetty-util-9.4.54-150200.3.25.1
jetty-util-ajax-9.4.54-150200.3.25.1
SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS
jetty-http-9.4.54-150200.3.25.1
jetty-io-9.4.54-150200.3.25.1
jetty-security-9.4.54-150200.3.25.1
jetty-server-9.4.54-150200.3.25.1
jetty-servlet-9.4.54-150200.3.25.1
jetty-util-9.4.54-150200.3.25.1
jetty-util-ajax-9.4.54-150200.3.25.1
SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS
jetty-http-9.4.54-150200.3.25.1
jetty-io-9.4.54-150200.3.25.1
jetty-security-9.4.54-150200.3.25.1
jetty-server-9.4.54-150200.3.25.1
jetty-servlet-9.4.54-150200.3.25.1
jetty-util-9.4.54-150200.3.25.1
jetty-util-ajax-9.4.54-150200.3.25.1
SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS
jetty-http-9.4.54-150200.3.25.1
jetty-io-9.4.54-150200.3.25.1
jetty-security-9.4.54-150200.3.25.1
jetty-server-9.4.54-150200.3.25.1
jetty-servlet-9.4.54-150200.3.25.1
jetty-util-9.4.54-150200.3.25.1
jetty-util-ajax-9.4.54-150200.3.25.1
SUSE Linux Enterprise Module for Development Tools 15 SP5
jetty-http-9.4.54-150200.3.25.1
jetty-io-9.4.54-150200.3.25.1
jetty-security-9.4.54-150200.3.25.1
jetty-server-9.4.54-150200.3.25.1
jetty-servlet-9.4.54-150200.3.25.1
jetty-util-9.4.54-150200.3.25.1
jetty-util-ajax-9.4.54-150200.3.25.1
SUSE Linux Enterprise Server 15 SP2-LTSS
jetty-http-9.4.54-150200.3.25.1
jetty-io-9.4.54-150200.3.25.1
jetty-security-9.4.54-150200.3.25.1
jetty-server-9.4.54-150200.3.25.1
jetty-servlet-9.4.54-150200.3.25.1
jetty-util-9.4.54-150200.3.25.1
jetty-util-ajax-9.4.54-150200.3.25.1
SUSE Linux Enterprise Server 15 SP3-LTSS
jetty-http-9.4.54-150200.3.25.1
jetty-io-9.4.54-150200.3.25.1
jetty-security-9.4.54-150200.3.25.1
jetty-server-9.4.54-150200.3.25.1
jetty-servlet-9.4.54-150200.3.25.1
jetty-util-9.4.54-150200.3.25.1
jetty-util-ajax-9.4.54-150200.3.25.1
SUSE Linux Enterprise Server 15 SP4-LTSS
jetty-http-9.4.54-150200.3.25.1
jetty-io-9.4.54-150200.3.25.1
jetty-security-9.4.54-150200.3.25.1
jetty-server-9.4.54-150200.3.25.1
jetty-servlet-9.4.54-150200.3.25.1
jetty-util-9.4.54-150200.3.25.1
jetty-util-ajax-9.4.54-150200.3.25.1
SUSE Linux Enterprise Server for SAP Applications 15 SP2
jetty-http-9.4.54-150200.3.25.1
jetty-io-9.4.54-150200.3.25.1
jetty-security-9.4.54-150200.3.25.1
jetty-server-9.4.54-150200.3.25.1
jetty-servlet-9.4.54-150200.3.25.1
jetty-util-9.4.54-150200.3.25.1
jetty-util-ajax-9.4.54-150200.3.25.1
SUSE Linux Enterprise Server for SAP Applications 15 SP3
jetty-http-9.4.54-150200.3.25.1
jetty-io-9.4.54-150200.3.25.1
jetty-security-9.4.54-150200.3.25.1
jetty-server-9.4.54-150200.3.25.1
jetty-servlet-9.4.54-150200.3.25.1
jetty-util-9.4.54-150200.3.25.1
jetty-util-ajax-9.4.54-150200.3.25.1
SUSE Linux Enterprise Server for SAP Applications 15 SP4
jetty-http-9.4.54-150200.3.25.1
jetty-io-9.4.54-150200.3.25.1
jetty-security-9.4.54-150200.3.25.1
jetty-server-9.4.54-150200.3.25.1
jetty-servlet-9.4.54-150200.3.25.1
jetty-util-9.4.54-150200.3.25.1
jetty-util-ajax-9.4.54-150200.3.25.1
openSUSE Leap 15.5
jetty-annotations-9.4.54-150200.3.25.1
jetty-ant-9.4.54-150200.3.25.1
jetty-cdi-9.4.54-150200.3.25.1
jetty-client-9.4.54-150200.3.25.1
jetty-continuation-9.4.54-150200.3.25.1
jetty-deploy-9.4.54-150200.3.25.1
jetty-fcgi-9.4.54-150200.3.25.1
jetty-http-9.4.54-150200.3.25.1
jetty-http-spi-9.4.54-150200.3.25.1
jetty-io-9.4.54-150200.3.25.1
jetty-jaas-9.4.54-150200.3.25.1
jetty-jmx-9.4.54-150200.3.25.1
jetty-jndi-9.4.54-150200.3.25.1
jetty-jsp-9.4.54-150200.3.25.1
jetty-minimal-javadoc-9.4.54-150200.3.25.1
jetty-openid-9.4.54-150200.3.25.1
jetty-plus-9.4.54-150200.3.25.1
jetty-proxy-9.4.54-150200.3.25.1
jetty-quickstart-9.4.54-150200.3.25.1
jetty-rewrite-9.4.54-150200.3.25.1
jetty-security-9.4.54-150200.3.25.1
jetty-server-9.4.54-150200.3.25.1
jetty-servlet-9.4.54-150200.3.25.1
jetty-servlets-9.4.54-150200.3.25.1
jetty-start-9.4.54-150200.3.25.1
jetty-util-9.4.54-150200.3.25.1
jetty-util-ajax-9.4.54-150200.3.25.1
jetty-webapp-9.4.54-150200.3.25.1
jetty-xml-9.4.54-150200.3.25.1
Ссылки
- Link for SUSE-SU-2024:0817-1
- E-Mail link for SUSE-SU-2024:0817-1
- SUSE Security Ratings
- SUSE Bug 1220437
- SUSE CVE CVE-2024-22201 page
Описание
Jetty is a Java based web server and servlet engine. An HTTP/2 SSL connection that is established and TCP congested will be leaked when it times out. An attacker can cause many connections to end up in this state, and the server may run out of file descriptors, eventually causing the server to stop accepting new connections from valid clients. The vulnerability is patched in 9.4.54, 10.0.20, 11.0.20, and 12.0.6.
Затронутые продукты
SUSE Enterprise Storage 7.1:jetty-http-9.4.54-150200.3.25.1
SUSE Enterprise Storage 7.1:jetty-io-9.4.54-150200.3.25.1
SUSE Enterprise Storage 7.1:jetty-security-9.4.54-150200.3.25.1
SUSE Enterprise Storage 7.1:jetty-server-9.4.54-150200.3.25.1
Ссылки
- CVE-2024-22201
- SUSE Bug 1220437