jetty-annotations-9.4.48-1.1 on GA media SUSE Patch security@suse.de SUSE Security Team openSUSE-SU-2024:12182-1 Final 1 1 2024-06-15T00:00:00Z current 2024-06-15T00:00:00Z 2024-06-15T00:00:00Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z jetty-annotations-9.4.48-1.1 on GA media These are all security issues fixed in the jetty-annotations-9.4.48-1.1 package on the GA media of openSUSE Tumbleweed. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). openSUSE-Tumbleweed-2024-12182 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://www.suse.com/support/security/rating/ SUSE Security Ratings https://www.suse.com/security/cve/CVE-2022-2047/ SUSE CVE CVE-2022-2047 page https://www.suse.com/security/cve/CVE-2022-2048/ SUSE CVE CVE-2022-2048 page openSUSE Tumbleweed jetty-annotations-9.4.48-1.1 jetty-ant-9.4.48-1.1 jetty-cdi-9.4.48-1.1 jetty-client-9.4.48-1.1 jetty-continuation-9.4.48-1.1 jetty-deploy-9.4.48-1.1 jetty-fcgi-9.4.48-1.1 jetty-http-9.4.48-1.1 jetty-http-spi-9.4.48-1.1 jetty-io-9.4.48-1.1 jetty-jaas-9.4.48-1.1 jetty-jmx-9.4.48-1.1 jetty-jndi-9.4.48-1.1 jetty-jsp-9.4.48-1.1 jetty-minimal-javadoc-9.4.48-1.1 jetty-openid-9.4.48-1.1 jetty-plus-9.4.48-1.1 jetty-proxy-9.4.48-1.1 jetty-quickstart-9.4.48-1.1 jetty-rewrite-9.4.48-1.1 jetty-security-9.4.48-1.1 jetty-server-9.4.48-1.1 jetty-servlet-9.4.48-1.1 jetty-servlets-9.4.48-1.1 jetty-start-9.4.48-1.1 jetty-util-9.4.48-1.1 jetty-util-ajax-9.4.48-1.1 jetty-webapp-9.4.48-1.1 jetty-xml-9.4.48-1.1 jetty-annotations-9.4.48-1.1 as a component of openSUSE Tumbleweed jetty-ant-9.4.48-1.1 as a component of openSUSE Tumbleweed jetty-cdi-9.4.48-1.1 as a component of openSUSE Tumbleweed jetty-client-9.4.48-1.1 as a component of openSUSE Tumbleweed jetty-continuation-9.4.48-1.1 as a component of openSUSE Tumbleweed jetty-deploy-9.4.48-1.1 as a component of openSUSE Tumbleweed jetty-fcgi-9.4.48-1.1 as a component of openSUSE Tumbleweed jetty-http-9.4.48-1.1 as a component of openSUSE Tumbleweed jetty-http-spi-9.4.48-1.1 as a component of openSUSE Tumbleweed jetty-io-9.4.48-1.1 as a component of openSUSE Tumbleweed jetty-jaas-9.4.48-1.1 as a component of openSUSE Tumbleweed jetty-jmx-9.4.48-1.1 as a component of openSUSE Tumbleweed jetty-jndi-9.4.48-1.1 as a component of openSUSE Tumbleweed jetty-jsp-9.4.48-1.1 as a component of openSUSE Tumbleweed jetty-minimal-javadoc-9.4.48-1.1 as a component of openSUSE Tumbleweed jetty-openid-9.4.48-1.1 as a component of openSUSE Tumbleweed jetty-plus-9.4.48-1.1 as a component of openSUSE Tumbleweed jetty-proxy-9.4.48-1.1 as a component of openSUSE Tumbleweed jetty-quickstart-9.4.48-1.1 as a component of openSUSE Tumbleweed jetty-rewrite-9.4.48-1.1 as a component of openSUSE Tumbleweed jetty-security-9.4.48-1.1 as a component of openSUSE Tumbleweed jetty-server-9.4.48-1.1 as a component of openSUSE Tumbleweed jetty-servlet-9.4.48-1.1 as a component of openSUSE Tumbleweed jetty-servlets-9.4.48-1.1 as a component of openSUSE Tumbleweed jetty-start-9.4.48-1.1 as a component of openSUSE Tumbleweed jetty-util-9.4.48-1.1 as a component of openSUSE Tumbleweed jetty-util-ajax-9.4.48-1.1 as a component of openSUSE Tumbleweed jetty-webapp-9.4.48-1.1 as a component of openSUSE Tumbleweed jetty-xml-9.4.48-1.1 as a component of openSUSE Tumbleweed In Eclipse Jetty versions 9.4.0 thru 9.4.46, and 10.0.0 thru 10.0.9, and 11.0.0 thru 11.0.9 versions, the parsing of the authority segment of an http scheme URI, the Jetty HttpURI class improperly detects an invalid input as a hostname. This can lead to failures in a Proxy scenario. CVE-2022-2047 openSUSE Tumbleweed:jetty-annotations-9.4.48-1.1 openSUSE Tumbleweed:jetty-ant-9.4.48-1.1 openSUSE Tumbleweed:jetty-cdi-9.4.48-1.1 openSUSE Tumbleweed:jetty-client-9.4.48-1.1 openSUSE Tumbleweed:jetty-continuation-9.4.48-1.1 openSUSE Tumbleweed:jetty-deploy-9.4.48-1.1 openSUSE Tumbleweed:jetty-fcgi-9.4.48-1.1 openSUSE Tumbleweed:jetty-http-9.4.48-1.1 openSUSE Tumbleweed:jetty-http-spi-9.4.48-1.1 openSUSE Tumbleweed:jetty-io-9.4.48-1.1 openSUSE Tumbleweed:jetty-jaas-9.4.48-1.1 openSUSE Tumbleweed:jetty-jmx-9.4.48-1.1 openSUSE Tumbleweed:jetty-jndi-9.4.48-1.1 openSUSE Tumbleweed:jetty-jsp-9.4.48-1.1 openSUSE Tumbleweed:jetty-minimal-javadoc-9.4.48-1.1 openSUSE Tumbleweed:jetty-openid-9.4.48-1.1 openSUSE Tumbleweed:jetty-plus-9.4.48-1.1 openSUSE Tumbleweed:jetty-proxy-9.4.48-1.1 openSUSE Tumbleweed:jetty-quickstart-9.4.48-1.1 openSUSE Tumbleweed:jetty-rewrite-9.4.48-1.1 openSUSE Tumbleweed:jetty-security-9.4.48-1.1 openSUSE Tumbleweed:jetty-server-9.4.48-1.1 openSUSE Tumbleweed:jetty-servlet-9.4.48-1.1 openSUSE Tumbleweed:jetty-servlets-9.4.48-1.1 openSUSE Tumbleweed:jetty-start-9.4.48-1.1 openSUSE Tumbleweed:jetty-util-9.4.48-1.1 openSUSE Tumbleweed:jetty-util-ajax-9.4.48-1.1 openSUSE Tumbleweed:jetty-webapp-9.4.48-1.1 openSUSE Tumbleweed:jetty-xml-9.4.48-1.1 moderate 4 AV:N/AC:L/Au:S/C:N/I:P/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2022-2047.html CVE-2022-2047 https://bugzilla.suse.com/1201317 SUSE Bug 1201317 In Eclipse Jetty HTTP/2 server implementation, when encountering an invalid HTTP/2 request, the error handling has a bug that can wind up not properly cleaning up the active connections and associated resources. This can lead to a Denial of Service scenario where there are no enough resources left to process good requests. CVE-2022-2048 openSUSE Tumbleweed:jetty-annotations-9.4.48-1.1 openSUSE Tumbleweed:jetty-ant-9.4.48-1.1 openSUSE Tumbleweed:jetty-cdi-9.4.48-1.1 openSUSE Tumbleweed:jetty-client-9.4.48-1.1 openSUSE Tumbleweed:jetty-continuation-9.4.48-1.1 openSUSE Tumbleweed:jetty-deploy-9.4.48-1.1 openSUSE Tumbleweed:jetty-fcgi-9.4.48-1.1 openSUSE Tumbleweed:jetty-http-9.4.48-1.1 openSUSE Tumbleweed:jetty-http-spi-9.4.48-1.1 openSUSE Tumbleweed:jetty-io-9.4.48-1.1 openSUSE Tumbleweed:jetty-jaas-9.4.48-1.1 openSUSE Tumbleweed:jetty-jmx-9.4.48-1.1 openSUSE Tumbleweed:jetty-jndi-9.4.48-1.1 openSUSE Tumbleweed:jetty-jsp-9.4.48-1.1 openSUSE Tumbleweed:jetty-minimal-javadoc-9.4.48-1.1 openSUSE Tumbleweed:jetty-openid-9.4.48-1.1 openSUSE Tumbleweed:jetty-plus-9.4.48-1.1 openSUSE Tumbleweed:jetty-proxy-9.4.48-1.1 openSUSE Tumbleweed:jetty-quickstart-9.4.48-1.1 openSUSE Tumbleweed:jetty-rewrite-9.4.48-1.1 openSUSE Tumbleweed:jetty-security-9.4.48-1.1 openSUSE Tumbleweed:jetty-server-9.4.48-1.1 openSUSE Tumbleweed:jetty-servlet-9.4.48-1.1 openSUSE Tumbleweed:jetty-servlets-9.4.48-1.1 openSUSE Tumbleweed:jetty-start-9.4.48-1.1 openSUSE Tumbleweed:jetty-util-9.4.48-1.1 openSUSE Tumbleweed:jetty-util-ajax-9.4.48-1.1 openSUSE Tumbleweed:jetty-webapp-9.4.48-1.1 openSUSE Tumbleweed:jetty-xml-9.4.48-1.1 moderate 5 AV:N/AC:L/Au:N/C:N/I:N/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2022-2048.html CVE-2022-2048 https://bugzilla.suse.com/1201316 SUSE Bug 1201316