SUSE Package Hub - SUSE-SLE-Module-Packagehub-Subpackages-15-SP7-2026-1751

Update Info

SUSE-SLE-Module-Packagehub-Subpackages-15-SP7-2026-1751

Security update for jetty-minimal

Type: security

Severity: important

Issued: 2026-05-07

Description:

This update for jetty-minimal fixes the following issues:

- CVE-2026-2332: In Eclipse Jetty, the HTTP/1.1 parser is vulnerable to request smuggling when chunk extensions are used, similar to the "funky chunks" techniques (bsc#1262115).
- CVE-2026-5795: Fixed JaspiAuthenticator broken access control (bsc#1261997).

References

Packages

jetty-minimal-9.4.58-150200.3.40.1