jetty-annotations-9.4.56-2.1 on GA media SUSE Patch security@suse.de SUSE Security Team openSUSE-SU-2024:14408-1 Final 1 1 2024-10-17T00:00:00Z current 2024-10-17T00:00:00Z 2024-10-17T00:00:00Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z jetty-annotations-9.4.56-2.1 on GA media These are all security issues fixed in the jetty-annotations-9.4.56-2.1 package on the GA media of openSUSE Tumbleweed. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). openSUSE-Tumbleweed-2024-14408 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/BNU3R7DW4USCKK4UHDLFZ57HXWYZNOCE/ E-Mail link for openSUSE-SU-2024:14408-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings https://www.suse.com/security/cve/CVE-2024-8184/ SUSE CVE CVE-2024-8184 page openSUSE Tumbleweed jetty-annotations-9.4.56-2.1 jetty-ant-9.4.56-2.1 jetty-cdi-9.4.56-2.1 jetty-client-9.4.56-2.1 jetty-continuation-9.4.56-2.1 jetty-deploy-9.4.56-2.1 jetty-fcgi-9.4.56-2.1 jetty-http-9.4.56-2.1 jetty-http-spi-9.4.56-2.1 jetty-io-9.4.56-2.1 jetty-jaas-9.4.56-2.1 jetty-jmx-9.4.56-2.1 jetty-jndi-9.4.56-2.1 jetty-jsp-9.4.56-2.1 jetty-minimal-javadoc-9.4.56-2.1 jetty-openid-9.4.56-2.1 jetty-plus-9.4.56-2.1 jetty-proxy-9.4.56-2.1 jetty-quickstart-9.4.56-2.1 jetty-rewrite-9.4.56-2.1 jetty-security-9.4.56-2.1 jetty-server-9.4.56-2.1 jetty-servlet-9.4.56-2.1 jetty-servlets-9.4.56-2.1 jetty-start-9.4.56-2.1 jetty-util-9.4.56-2.1 jetty-util-ajax-9.4.56-2.1 jetty-webapp-9.4.56-2.1 jetty-xml-9.4.56-2.1 jetty-annotations-9.4.56-2.1 as a component of openSUSE Tumbleweed jetty-ant-9.4.56-2.1 as a component of openSUSE Tumbleweed jetty-cdi-9.4.56-2.1 as a component of openSUSE Tumbleweed jetty-client-9.4.56-2.1 as a component of openSUSE Tumbleweed jetty-continuation-9.4.56-2.1 as a component of openSUSE Tumbleweed jetty-deploy-9.4.56-2.1 as a component of openSUSE Tumbleweed jetty-fcgi-9.4.56-2.1 as a component of openSUSE Tumbleweed jetty-http-9.4.56-2.1 as a component of openSUSE Tumbleweed jetty-http-spi-9.4.56-2.1 as a component of openSUSE Tumbleweed jetty-io-9.4.56-2.1 as a component of openSUSE Tumbleweed jetty-jaas-9.4.56-2.1 as a component of openSUSE Tumbleweed jetty-jmx-9.4.56-2.1 as a component of openSUSE Tumbleweed jetty-jndi-9.4.56-2.1 as a component of openSUSE Tumbleweed jetty-jsp-9.4.56-2.1 as a component of openSUSE Tumbleweed jetty-minimal-javadoc-9.4.56-2.1 as a component of openSUSE Tumbleweed jetty-openid-9.4.56-2.1 as a component of openSUSE Tumbleweed jetty-plus-9.4.56-2.1 as a component of openSUSE Tumbleweed jetty-proxy-9.4.56-2.1 as a component of openSUSE Tumbleweed jetty-quickstart-9.4.56-2.1 as a component of openSUSE Tumbleweed jetty-rewrite-9.4.56-2.1 as a component of openSUSE Tumbleweed jetty-security-9.4.56-2.1 as a component of openSUSE Tumbleweed jetty-server-9.4.56-2.1 as a component of openSUSE Tumbleweed jetty-servlet-9.4.56-2.1 as a component of openSUSE Tumbleweed jetty-servlets-9.4.56-2.1 as a component of openSUSE Tumbleweed jetty-start-9.4.56-2.1 as a component of openSUSE Tumbleweed jetty-util-9.4.56-2.1 as a component of openSUSE Tumbleweed jetty-util-ajax-9.4.56-2.1 as a component of openSUSE Tumbleweed jetty-webapp-9.4.56-2.1 as a component of openSUSE Tumbleweed jetty-xml-9.4.56-2.1 as a component of openSUSE Tumbleweed There exists a security vulnerability in Jetty's ThreadLimitHandler.getRemote() which can be exploited by unauthorized users to cause remote denial-of-service (DoS) attack. By repeatedly sending crafted requests, attackers can trigger OutofMemory errors and exhaust the server's memory. CVE-2024-8184 openSUSE Tumbleweed:jetty-annotations-9.4.56-2.1 openSUSE Tumbleweed:jetty-ant-9.4.56-2.1 openSUSE Tumbleweed:jetty-cdi-9.4.56-2.1 openSUSE Tumbleweed:jetty-client-9.4.56-2.1 openSUSE Tumbleweed:jetty-continuation-9.4.56-2.1 openSUSE Tumbleweed:jetty-deploy-9.4.56-2.1 openSUSE Tumbleweed:jetty-fcgi-9.4.56-2.1 openSUSE Tumbleweed:jetty-http-9.4.56-2.1 openSUSE Tumbleweed:jetty-http-spi-9.4.56-2.1 openSUSE Tumbleweed:jetty-io-9.4.56-2.1 openSUSE Tumbleweed:jetty-jaas-9.4.56-2.1 openSUSE Tumbleweed:jetty-jmx-9.4.56-2.1 openSUSE Tumbleweed:jetty-jndi-9.4.56-2.1 openSUSE Tumbleweed:jetty-jsp-9.4.56-2.1 openSUSE Tumbleweed:jetty-minimal-javadoc-9.4.56-2.1 openSUSE Tumbleweed:jetty-openid-9.4.56-2.1 openSUSE Tumbleweed:jetty-plus-9.4.56-2.1 openSUSE Tumbleweed:jetty-proxy-9.4.56-2.1 openSUSE Tumbleweed:jetty-quickstart-9.4.56-2.1 openSUSE Tumbleweed:jetty-rewrite-9.4.56-2.1 openSUSE Tumbleweed:jetty-security-9.4.56-2.1 openSUSE Tumbleweed:jetty-server-9.4.56-2.1 openSUSE Tumbleweed:jetty-servlet-9.4.56-2.1 openSUSE Tumbleweed:jetty-servlets-9.4.56-2.1 openSUSE Tumbleweed:jetty-start-9.4.56-2.1 openSUSE Tumbleweed:jetty-util-9.4.56-2.1 openSUSE Tumbleweed:jetty-util-ajax-9.4.56-2.1 openSUSE Tumbleweed:jetty-webapp-9.4.56-2.1 openSUSE Tumbleweed:jetty-xml-9.4.56-2.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/BNU3R7DW4USCKK4UHDLFZ57HXWYZNOCE/ https://www.suse.com/security/cve/CVE-2024-8184.html CVE-2024-8184 https://bugzilla.suse.com/1231651 SUSE Bug 1231651