SUSE-SU-2025:01738-1

Published: 29 May 2025
Source: suse-cvrf

Description

Security update for jetty-minimal

This update for jetty-minimal fixes the following issues:

Upgrade to version 9.4.57.v20241219

  • CVE-2024-6763: the HttpURI class does insufficient validation on the authority segment of a URI (bsc#1231652)
  • CVE-2024-13009: Gzip Request Body Buffer (bsc#1243271)

Package list

SUSE Enterprise Storage 7.1
jetty-http-9.4.57-150200.3.31.1
jetty-io-9.4.57-150200.3.31.1
jetty-security-9.4.57-150200.3.31.1
jetty-server-9.4.57-150200.3.31.1
jetty-servlet-9.4.57-150200.3.31.1
jetty-util-9.4.57-150200.3.31.1
jetty-util-ajax-9.4.57-150200.3.31.1
SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS
jetty-http-9.4.57-150200.3.31.1
jetty-io-9.4.57-150200.3.31.1
jetty-security-9.4.57-150200.3.31.1
jetty-server-9.4.57-150200.3.31.1
jetty-servlet-9.4.57-150200.3.31.1
jetty-util-9.4.57-150200.3.31.1
jetty-util-ajax-9.4.57-150200.3.31.1
SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS
jetty-http-9.4.57-150200.3.31.1
jetty-io-9.4.57-150200.3.31.1
jetty-security-9.4.57-150200.3.31.1
jetty-server-9.4.57-150200.3.31.1
jetty-servlet-9.4.57-150200.3.31.1
jetty-util-9.4.57-150200.3.31.1
jetty-util-ajax-9.4.57-150200.3.31.1
SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS
jetty-http-9.4.57-150200.3.31.1
jetty-io-9.4.57-150200.3.31.1
jetty-security-9.4.57-150200.3.31.1
jetty-server-9.4.57-150200.3.31.1
jetty-servlet-9.4.57-150200.3.31.1
jetty-util-9.4.57-150200.3.31.1
jetty-util-ajax-9.4.57-150200.3.31.1
SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS
jetty-http-9.4.57-150200.3.31.1
jetty-io-9.4.57-150200.3.31.1
jetty-security-9.4.57-150200.3.31.1
jetty-server-9.4.57-150200.3.31.1
jetty-servlet-9.4.57-150200.3.31.1
jetty-util-9.4.57-150200.3.31.1
jetty-util-ajax-9.4.57-150200.3.31.1
SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS
jetty-http-9.4.57-150200.3.31.1
jetty-io-9.4.57-150200.3.31.1
jetty-security-9.4.57-150200.3.31.1
jetty-server-9.4.57-150200.3.31.1
jetty-servlet-9.4.57-150200.3.31.1
jetty-util-9.4.57-150200.3.31.1
jetty-util-ajax-9.4.57-150200.3.31.1
SUSE Linux Enterprise Module for Development Tools 15 SP6
jetty-http-9.4.57-150200.3.31.1
jetty-io-9.4.57-150200.3.31.1
jetty-security-9.4.57-150200.3.31.1
jetty-server-9.4.57-150200.3.31.1
jetty-servlet-9.4.57-150200.3.31.1
jetty-util-9.4.57-150200.3.31.1
jetty-util-ajax-9.4.57-150200.3.31.1
SUSE Linux Enterprise Module for Development Tools 15 SP7
jetty-http-9.4.57-150200.3.31.1
jetty-io-9.4.57-150200.3.31.1
jetty-security-9.4.57-150200.3.31.1
jetty-server-9.4.57-150200.3.31.1
jetty-servlet-9.4.57-150200.3.31.1
jetty-util-9.4.57-150200.3.31.1
jetty-util-ajax-9.4.57-150200.3.31.1
SUSE Linux Enterprise Module for Package Hub 15 SP6
jetty-continuation-9.4.57-150200.3.31.1
SUSE Linux Enterprise Module for Package Hub 15 SP7
jetty-continuation-9.4.57-150200.3.31.1
SUSE Linux Enterprise Server 15 SP3-LTSS
jetty-http-9.4.57-150200.3.31.1
jetty-io-9.4.57-150200.3.31.1
jetty-security-9.4.57-150200.3.31.1
jetty-server-9.4.57-150200.3.31.1
jetty-servlet-9.4.57-150200.3.31.1
jetty-util-9.4.57-150200.3.31.1
jetty-util-ajax-9.4.57-150200.3.31.1
SUSE Linux Enterprise Server 15 SP4-LTSS
jetty-http-9.4.57-150200.3.31.1
jetty-io-9.4.57-150200.3.31.1
jetty-security-9.4.57-150200.3.31.1
jetty-server-9.4.57-150200.3.31.1
jetty-servlet-9.4.57-150200.3.31.1
jetty-util-9.4.57-150200.3.31.1
jetty-util-ajax-9.4.57-150200.3.31.1
SUSE Linux Enterprise Server 15 SP5-LTSS
jetty-http-9.4.57-150200.3.31.1
jetty-io-9.4.57-150200.3.31.1
jetty-security-9.4.57-150200.3.31.1
jetty-server-9.4.57-150200.3.31.1
jetty-servlet-9.4.57-150200.3.31.1
jetty-util-9.4.57-150200.3.31.1
jetty-util-ajax-9.4.57-150200.3.31.1
SUSE Linux Enterprise Server for SAP Applications 15 SP3
jetty-http-9.4.57-150200.3.31.1
jetty-io-9.4.57-150200.3.31.1
jetty-security-9.4.57-150200.3.31.1
jetty-server-9.4.57-150200.3.31.1
jetty-servlet-9.4.57-150200.3.31.1
jetty-util-9.4.57-150200.3.31.1
jetty-util-ajax-9.4.57-150200.3.31.1
SUSE Linux Enterprise Server for SAP Applications 15 SP4
jetty-http-9.4.57-150200.3.31.1
jetty-io-9.4.57-150200.3.31.1
jetty-security-9.4.57-150200.3.31.1
jetty-server-9.4.57-150200.3.31.1
jetty-servlet-9.4.57-150200.3.31.1
jetty-util-9.4.57-150200.3.31.1
jetty-util-ajax-9.4.57-150200.3.31.1
SUSE Linux Enterprise Server for SAP Applications 15 SP5
jetty-http-9.4.57-150200.3.31.1
jetty-io-9.4.57-150200.3.31.1
jetty-security-9.4.57-150200.3.31.1
jetty-server-9.4.57-150200.3.31.1
jetty-servlet-9.4.57-150200.3.31.1
jetty-util-9.4.57-150200.3.31.1
jetty-util-ajax-9.4.57-150200.3.31.1
openSUSE Leap 15.6
jetty-annotations-9.4.57-150200.3.31.1
jetty-ant-9.4.57-150200.3.31.1
jetty-cdi-9.4.57-150200.3.31.1
jetty-client-9.4.57-150200.3.31.1
jetty-continuation-9.4.57-150200.3.31.1
jetty-deploy-9.4.57-150200.3.31.1
jetty-fcgi-9.4.57-150200.3.31.1
jetty-http-9.4.57-150200.3.31.1
jetty-http-spi-9.4.57-150200.3.31.1
jetty-io-9.4.57-150200.3.31.1
jetty-jaas-9.4.57-150200.3.31.1
jetty-jmx-9.4.57-150200.3.31.1
jetty-jndi-9.4.57-150200.3.31.1
jetty-jsp-9.4.57-150200.3.31.1
jetty-minimal-javadoc-9.4.57-150200.3.31.1
jetty-openid-9.4.57-150200.3.31.1
jetty-plus-9.4.57-150200.3.31.1
jetty-proxy-9.4.57-150200.3.31.1
jetty-quickstart-9.4.57-150200.3.31.1
jetty-rewrite-9.4.57-150200.3.31.1
jetty-security-9.4.57-150200.3.31.1
jetty-server-9.4.57-150200.3.31.1
jetty-servlet-9.4.57-150200.3.31.1
jetty-servlets-9.4.57-150200.3.31.1
jetty-start-9.4.57-150200.3.31.1
jetty-util-9.4.57-150200.3.31.1
jetty-util-ajax-9.4.57-150200.3.31.1
jetty-webapp-9.4.57-150200.3.31.1
jetty-xml-9.4.57-150200.3.31.1

Description

** UNSUPPORTED WHEN ASSIGNED ** In Eclipse Jetty versions 9.4.0 to 9.4.56, a buffer can be incorrectly released when confronted with a gzip error when inflating a request body. This can result in corrupted and/or inadvertent sharing of data between requests.


Affected products
SUSE Enterprise Storage 7.1:jetty-http-9.4.57-150200.3.31.1
SUSE Enterprise Storage 7.1:jetty-io-9.4.57-150200.3.31.1
SUSE Enterprise Storage 7.1:jetty-security-9.4.57-150200.3.31.1
SUSE Enterprise Storage 7.1:jetty-server-9.4.57-150200.3.31.1

References

Description

Eclipse Jetty is a lightweight, highly scalable, Java-based web server and Servlet engine. It includes a utility class, HttpURI, for URI/URL parsing. The HttpURI class does insufficient validation on the authority segment of a URI. However, the behaviour of HttpURI differs from the common browsers in how it handles a URI that would be considered invalid if fully validated against the RFC. Specifically, HttpURI and the browser may differ on the value of the host extracted from an invalid URI, and thus a combination of Jetty and a vulnerable browser may be vulnerable to an open redirect attack or to an SSRF attack if the URI is used after passing validation checks.


Affected products
SUSE Enterprise Storage 7.1:jetty-http-9.4.57-150200.3.31.1
SUSE Enterprise Storage 7.1:jetty-io-9.4.57-150200.3.31.1
SUSE Enterprise Storage 7.1:jetty-security-9.4.57-150200.3.31.1
SUSE Enterprise Storage 7.1:jetty-server-9.4.57-150200.3.31.1

References