SUSE Package Hub - SUSE-SLE-Module-Packagehub-Subpackages-15-SP7-2025-1738

Update Info

SUSE-SLE-Module-Packagehub-Subpackages-15-SP7-2025-1738

Security update for jetty-minimal

Type: security

Severity: important

Issued: 2025-05-29

Description:

This update for jetty-minimal fixes the following issues:

Upgrade to version 9.4.57.v20241219

- CVE-2024-6763: the HttpURI class does insufficient validation on the authority segment of a URI (bsc#1231652)
- CVE-2024-13009: Gzip Request Body Buffer (bsc#1243271)

References

CVE: CVE-2024-6763
CVE: CVE-2024-13009
Bugzilla: 1243271 VUL-0: CVE-2024-13009: jetty-minimal: jetty-server: Gzip Request Body Buffer Corruption
Bugzilla: 1231652 VUL-0: CVE-2024-6763: jetty-minimal, jetty-websocket: org.eclipse.jetty:jetty-http: jetty: the HttpURI class does insufficient validation on the authority segment of a URI

Packages

jetty-minimal-9.4.57-150200.3.31.1