SUSE-SU-2023:4210-1

Description

Security update for jetty-minimal This update for jetty-minimal fixes the following issues: - Updated to version 9.4.53.v20231009: - CVE-2023-44487: Fixed a potential denial of service scenario via RST frame floods (bsc#1216169). - CVE-2023-36478: Fixed an integer overflow in the HTTP/2 HPACK decoder (bsc#1216162). - CVE-2023-40167: Fixed a permissive HTTP header parsing issue that could potentially lead to HTTP smuggling attacks (bsc#1215417). - CVE-2023-36479: Fixed an incorrect command execution when sending requests with certain characters in requested filenames (bsc#1215415). - CVE-2023-41900: Fixed an issue where an invalidated session would be allowed to perform a single request (bsc#1215416).

Affected Systems

• opensuse•jetty-minimal&distro=openSUSE Leap 15.4

  < 9.4.53-150200.3.22.1

• opensuse•jetty-minimal&distro=openSUSE Leap 15.5

  < 9.4.53-150200.3.22.1

• suse•jetty-minimal&distro=SUSE Enterprise Storage 7.1

  < 9.4.53-150200.3.22.1

• suse•jetty-minimal&distro=SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS

  < 9.4.53-150200.3.22.1

• suse•jetty-minimal&distro=SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS

  < 9.4.53-150200.3.22.1

• suse•jetty-minimal&distro=SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS

  < 9.4.53-150200.3.22.1

• suse•jetty-minimal&distro=SUSE Linux Enterprise Module for Development Tools 15 SP4

  < 9.4.53-150200.3.22.1

• suse•jetty-minimal&distro=SUSE Linux Enterprise Module for Development Tools 15 SP5

  < 9.4.53-150200.3.22.1

• suse•jetty-minimal&distro=SUSE Linux Enterprise Server 15 SP2-LTSS

  < 9.4.53-150200.3.22.1

• suse•jetty-minimal&distro=SUSE Linux Enterprise Server 15 SP3-LTSS

  < 9.4.53-150200.3.22.1

• suse•jetty-minimal&distro=SUSE Linux Enterprise Server for SAP Applications 15 SP2

  < 9.4.53-150200.3.22.1

• suse•jetty-minimal&distro=SUSE Linux Enterprise Server for SAP Applications 15 SP3

  < 9.4.53-150200.3.22.1

References (11)

• https://www.suse.com/support/update/announcement/2023/suse-su-20234210-1/
• https://bugzilla.suse.com/1215415
• https://bugzilla.suse.com/1215416
• https://bugzilla.suse.com/1215417
• https://bugzilla.suse.com/1216162
• https://bugzilla.suse.com/1216169
• https://www.suse.com/security/cve/CVE-2023-36478
• https://www.suse.com/security/cve/CVE-2023-36479
• https://www.suse.com/security/cve/CVE-2023-40167
• https://www.suse.com/security/cve/CVE-2023-41900
• https://www.suse.com/security/cve/CVE-2023-44487