it-securitynotifies AT lists.piratenpartei.de
Betreff: Sicherheitsankündigungen
Listenarchiv
- From: Markus Koschany <apo AT debian.org>
- To: debian-security-announce AT lists.debian.org
- Subject: [IT-SecNots] [SECURITY] [DSA 5664-1] jetty9 security update
- Date: Wed, 17 Apr 2024 21:36:49 +0000
- List-archive: https://lists.debian.org/msgid-search/ZiBA8SdYAUf2n+1c AT seger.debian.org
- List-id: <debian-security-announce.lists.debian.org>
- List-url: <http://lists.debian.org/debian-security-announce/>
- Old-dkim-signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=debian.org; s=smtpauto.seger; h=Content-Type:MIME-Version:Message-ID:Subject:To:From:Date :Reply-To:Cc:Content-Transfer-Encoding:Content-ID:Content-Description: In-Reply-To:References; bh=kHcWhz2FNUyL1dXrt23aBFlyww23+hQNh6P4U7W7/ik=; b=U5 w/0XHAAwqMVPS62pCyfmZdk6koGx3a12zODA8g49LwC6VJiuDKL9kMD2LvWoM9HxWzEEtukmsMaTO snRQvowYYYXv+if0pTie94674AQja/0YU/T7Xbgg4d2Uet3QJIDC4j/iCq3qpIMKaqtcOLQIHn7hc iTi4nu9XC5DmJL/BUQvbHTl1XgHdJXO458fwxX88ItFXFb3DRQd5I/8i/Dejk5vn5IbJvX+KGhc2Q /IvbepbEEl3mkB1SnPTqDdncKu03zHgNEUno7UFXFsaIPRQR32ZgrsyssHfgdmDwhEYZRYKEuGp1v CAXwKEvM/Yd7DBVgSngZlO3ouMycM9mQ==;
- Old-return-path: <apo AT seger.debian.org>
- Priority: urgent
- Resent-date: Wed, 17 Apr 2024 21:54:13 +0000 (UTC)
- Resent-from: debian-security-announce AT lists.debian.org
- Resent-message-id: <XplAUNTdImH.A.0mH.FUEImB@bendel>
- Resent-sender: debian-security-announce-request AT lists.debian.org
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
- -------------------------------------------------------------------------
Debian Security Advisory DSA-5664-1 security AT debian.org
https://www.debian.org/security/ Markus Koschany
April 17, 2024 https://www.debian.org/security/faq
- -------------------------------------------------------------------------
Package : jetty9
CVE ID : CVE-2024-22201
Jetty 9 is a Java based web server and servlet engine. It was discovered that
remote attackers may leave many HTTP/2 connections in ESTABLISHED state (not
closed), TCP congested and idle. Eventually the server will stop accepting new
connections from valid clients which can cause a denial of service.
For the oldstable distribution (bullseye), this problem has been fixed
in version 9.4.50-4+deb11u2.
For the stable distribution (bookworm), this problem has been fixed in
version 9.4.50-4+deb12u3.
We recommend that you upgrade your jetty9 packages.
For the detailed security status of jetty9 please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/jetty9
Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/
Mailing list: debian-security-announce AT lists.debian.org
-----BEGIN PGP SIGNATURE-----
iQKTBAEBCgB9FiEErPPQiO8y7e9qGoNf2a0UuVE7UeQFAmYgPqhfFIAAAAAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEFD
RjNEMDg4RUYzMkVERUY2QTFBODM1RkQ5QUQxNEI5NTEzQjUxRTQACgkQ2a0UuVE7
UeS8Wg/+JvDyNdRq1Tu6rEqfHprMuxVifvPSH4RefpWMVY1MUIwRSxCyL9GEKCtu
q0a+Vf/JycNVbTcRB0n/UpgFdCCWE6dUngLIoYX/SmA+dXKLN9a+FIKj/aivOvOr
CUEkaJiVBjARYoBxDzoLG8STAJkxJvCAIduOSZ4Pr3iaZ+3+mHLpz38aAHz7QCXS
NoqaD66hMTCVPnVTTr3CvrhCIjcdxQRteJwkJ0XxT5WxYSBmVuB+zEAxHUt6ocv2
5bMel+B4OMcNrRrdQiUtqAF2i7ktAPO2HUo5+9kxYCwkB1DbgIEhdtkA6aBtTYZ0
ZJbx4kV206DrQO7PjLzbY6RA2o2EiNb1zEZlaaFuGq6ctIpR52PplC0sEPUTVbDH
LlDAQUIXzmmJGhD2etF5dpknbBTcAhUjGebCiasqwZ8HWiVUeIEwi89je7+CThjB
3phSjyzqZivdkpYiZTApy3UU3lzXHViCtTIverkaQNoYExWVCKihvMRtSAlhw4b0
ukEt+PNzrgl2N0M3bYh1oEh+TGqiP961Je38l5756wKLSxgzfTwTlrPmH6BFwhkF
EnMxzjX4jvRWkVC2Yz4/DiJnRnAEjS3iOsvvDnP/lZkWZOXMT3TY0bRJSwUuEgCc
NPF/PE/q6KRtzyxJLuTOFRwk/xob/q4GucD+RuqwHEC2w3fN7WE=
=HK3G
-----END PGP SIGNATURE-----
- [IT-SecNots] [SECURITY] [DSA 5664-1] jetty9 security update, Markus Koschany, 17.04.2024
Archiv bereitgestellt durch MHonArc 2.6.19+.