Zum Inhalt springen.
Sympa Menü

it-securitynotifies - [IT-SecNots] [SECURITY] [DSA 5664-1] jetty9 security update

it-securitynotifies AT lists.piratenpartei.de

Betreff: Sicherheitsankündigungen

Listenarchiv

[IT-SecNots] [SECURITY] [DSA 5664-1] jetty9 security update


Chronologisch Thread  
  • From: Markus Koschany <apo AT debian.org>
  • To: debian-security-announce AT lists.debian.org
  • Subject: [IT-SecNots] [SECURITY] [DSA 5664-1] jetty9 security update
  • Date: Wed, 17 Apr 2024 21:36:49 +0000
  • List-archive: https://lists.debian.org/msgid-search/ZiBA8SdYAUf2n+1c AT seger.debian.org
  • List-id: <debian-security-announce.lists.debian.org>
  • List-url: <http://lists.debian.org/debian-security-announce/>
  • Old-dkim-signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=debian.org; s=smtpauto.seger; h=Content-Type:MIME-Version:Message-ID:Subject:To:From:Date :Reply-To:Cc:Content-Transfer-Encoding:Content-ID:Content-Description: In-Reply-To:References; bh=kHcWhz2FNUyL1dXrt23aBFlyww23+hQNh6P4U7W7/ik=; b=U5 w/0XHAAwqMVPS62pCyfmZdk6koGx3a12zODA8g49LwC6VJiuDKL9kMD2LvWoM9HxWzEEtukmsMaTO snRQvowYYYXv+if0pTie94674AQja/0YU/T7Xbgg4d2Uet3QJIDC4j/iCq3qpIMKaqtcOLQIHn7hc iTi4nu9XC5DmJL/BUQvbHTl1XgHdJXO458fwxX88ItFXFb3DRQd5I/8i/Dejk5vn5IbJvX+KGhc2Q /IvbepbEEl3mkB1SnPTqDdncKu03zHgNEUno7UFXFsaIPRQR32ZgrsyssHfgdmDwhEYZRYKEuGp1v CAXwKEvM/Yd7DBVgSngZlO3ouMycM9mQ==;
  • Old-return-path: <apo AT seger.debian.org>
  • Priority: urgent
  • Resent-date: Wed, 17 Apr 2024 21:54:13 +0000 (UTC)
  • Resent-from: debian-security-announce AT lists.debian.org
  • Resent-message-id: <XplAUNTdImH.A.0mH.FUEImB@bendel>
  • Resent-sender: debian-security-announce-request AT lists.debian.org

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian Security Advisory DSA-5664-1 security AT debian.org
https://www.debian.org/security/ Markus Koschany
April 17, 2024 https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package : jetty9
CVE ID : CVE-2024-22201

Jetty 9 is a Java based web server and servlet engine. It was discovered that
remote attackers may leave many HTTP/2 connections in ESTABLISHED state (not
closed), TCP congested and idle. Eventually the server will stop accepting new
connections from valid clients which can cause a denial of service.

For the oldstable distribution (bullseye), this problem has been fixed
in version 9.4.50-4+deb11u2.

For the stable distribution (bookworm), this problem has been fixed in
version 9.4.50-4+deb12u3.

We recommend that you upgrade your jetty9 packages.

For the detailed security status of jetty9 please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/jetty9

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: debian-security-announce AT lists.debian.org
-----BEGIN PGP SIGNATURE-----

iQKTBAEBCgB9FiEErPPQiO8y7e9qGoNf2a0UuVE7UeQFAmYgPqhfFIAAAAAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEFD
RjNEMDg4RUYzMkVERUY2QTFBODM1RkQ5QUQxNEI5NTEzQjUxRTQACgkQ2a0UuVE7
UeS8Wg/+JvDyNdRq1Tu6rEqfHprMuxVifvPSH4RefpWMVY1MUIwRSxCyL9GEKCtu
q0a+Vf/JycNVbTcRB0n/UpgFdCCWE6dUngLIoYX/SmA+dXKLN9a+FIKj/aivOvOr
CUEkaJiVBjARYoBxDzoLG8STAJkxJvCAIduOSZ4Pr3iaZ+3+mHLpz38aAHz7QCXS
NoqaD66hMTCVPnVTTr3CvrhCIjcdxQRteJwkJ0XxT5WxYSBmVuB+zEAxHUt6ocv2
5bMel+B4OMcNrRrdQiUtqAF2i7ktAPO2HUo5+9kxYCwkB1DbgIEhdtkA6aBtTYZ0
ZJbx4kV206DrQO7PjLzbY6RA2o2EiNb1zEZlaaFuGq6ctIpR52PplC0sEPUTVbDH
LlDAQUIXzmmJGhD2etF5dpknbBTcAhUjGebCiasqwZ8HWiVUeIEwi89je7+CThjB
3phSjyzqZivdkpYiZTApy3UU3lzXHViCtTIverkaQNoYExWVCKihvMRtSAlhw4b0
ukEt+PNzrgl2N0M3bYh1oEh+TGqiP961Je38l5756wKLSxgzfTwTlrPmH6BFwhkF
EnMxzjX4jvRWkVC2Yz4/DiJnRnAEjS3iOsvvDnP/lZkWZOXMT3TY0bRJSwUuEgCc
NPF/PE/q6KRtzyxJLuTOFRwk/xob/q4GucD+RuqwHEC2w3fN7WE=
=HK3G
-----END PGP SIGNATURE-----



  • [IT-SecNots] [SECURITY] [DSA 5664-1] jetty9 security update, Markus Koschany, 17.04.2024

Archiv bereitgestellt durch MHonArc 2.6.19+.

Seitenanfang