openSUSE:Leap:15.5:Update
File _patchinfo of Package patchinfo.31060
<patchinfo incident="31060">
  <issue tracker="cve" id="2023-36479"/>
  <issue tracker="cve" id="2023-40167"/>
  <issue tracker="cve" id="2023-41900"/>
  <issue tracker="cve" id="2023-44487"/>
  <issue tracker="cve" id="2023-36478"/>
  <issue tracker="bnc" id="1215415">VUL-1: CVE-2023-36479: jetty-websocket,jetty-minimal: Errant command quoting in org.eclipse.jetty.servlets.CGI Servlet</issue>
  <issue tracker="bnc" id="1215417">VUL-0: CVE-2023-40167: jetty-minimal,jetty-websocket: accepts "+" prefixed value in Content-Length</issue>
  <issue tracker="bnc" id="1215416">VUL-0: CVE-2023-41900: jetty-websocket,jetty-minimal: OpenId Revoked authentication allows one request</issue>
  <issue tracker="bnc" id="1216169">VUL-0: netty: protect against DDOS caused by RST floods (CVE-2023-44487)</issue>
  <issue tracker="bnc" id="1216162">VUL-0: CVE-2023-36478: jetty-minimal,jetty-websocket: HTTP/2 HPACK integer overflow and buffer allocation</issue>
  <packager>fstrba</packager>
  <rating>important</rating>
  <category>security</category>
  <summary>Security update for jetty-minimal</summary>
  <description>This update for jetty-minimal fixes the following issues:

- Updated to version 9.4.53.v20231009:
  - CVE-2023-44487: Fixed a potential denial of service scenario via RST frame floods (bsc#1216169).
  - CVE-2023-36478: Fixed an integer overflow in the HTTP/2 HPACK decoder (bsc#1216162).
  - CVE-2023-40167: Fixed a permissive HTTP header parsing issue that could potentially lead to HTTP smuggling attacks (bsc#1215417).
  - CVE-2023-36479: Fixed an incorrect command execution when sending requests with certain characters in requested filenames (bsc#1215415).
  - CVE-2023-41900: Fixed an issue where an invalidated session would be allowed to perform a single request (bsc#1215416).
  </description>
</patchinfo>