[SECURITY] [DSA 5894-1] jetty9 security update
- -------------------------------------------------------------------------
Debian Security Advisory DSA-5894-1 security@debian.org
https://www.debian.org/security/ Markus Koschany
April 05, 2025 https://www.debian.org/security/faq
- -------------------------------------------------------------------------
Package : jetty9
CVE ID : CVE-2024-6762 CVE-2024-8184 CVE-2024-9823
Debian Bug : 1085697
Jetty 9 is a Java-based web server and servlet engine. Several security
vulnerabilities have been discovered which may allow remote attackers to cause
a denial of service by repeatedly sending crafted requests which can trigger
OutOfMemory errors and exhaust the server's memory.

CVE-2024-6762: In addition, PushSessionCacheFilter and PushCacheFilter have been
deprecated. These classes should no longer be used in a production environment.

For the stable distribution (bookworm), these problems have been fixed in
version 9.4.57-0+deb12u1.

We recommend that you upgrade your jetty9 packages.

For the detailed security status of jetty9 please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/jetty9

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/
Mailing list: debian-security-announce@lists.debian.org
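
Following the deprecation note for CVE-2024-6762, this added example (not part of the advisory, nor Debian or Jetty code) reports where a deployment descriptor still declares PushCacheFilter or PushSessionCacheFilter and which URL patterns they are mapped to. The function names, the sample web.xml and the fully qualified class name in it are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Simple class names as given in the advisory text.
DEPRECATED_FILTERS = {"PushCacheFilter", "PushSessionCacheFilter"}

# Constructed sample descriptor; names and package are illustrative assumptions.
SAMPLE_WEB_XML = """
<web-app xmlns="http://xmlns.jcp.org/xml/ns/javaee" version="3.1">
  <filter>
    <filter-name>push</filter-name>
    <filter-class>org.eclipse.jetty.servlets.PushCacheFilter</filter-class>
  </filter>
  <filter>
    <filter-name>audit</filter-name>
    <filter-class>com.example.AuditFilter</filter-class>
  </filter>
  <filter-mapping>
    <filter-name>push</filter-name>
    <url-pattern>/*</url-pattern>
  </filter-mapping>
</web-app>
"""

def local(tag):
    """Strip an XML namespace prefix: '{ns}filter' -> 'filter'."""
    return tag.rsplit("}", 1)[-1]

def find_deprecated_filters(web_xml_text):
    """Return [(filter-name, filter-class, [url-patterns])] for deprecated filters."""
    root = ET.fromstring(web_xml_text.strip())
    declared, mappings = {}, {}  # both keyed by filter-name
    for elem in root:
        fields = {}
        for child in elem:
            fields.setdefault(local(child.tag), []).append((child.text or "").strip())
        name = (fields.get("filter-name") or [""])[0]
        if local(elem.tag) == "filter":
            cls = (fields.get("filter-class") or [""])[0]
            # Compare on the simple class name so any package prefix matches.
            if cls.rsplit(".", 1)[-1] in DEPRECATED_FILTERS:
                declared[name] = cls
        elif local(elem.tag) == "filter-mapping":
            mappings.setdefault(name, []).extend(fields.get("url-pattern", []))
    return [(n, c, mappings.get(n, [])) for n, c in sorted(declared.items())]

if __name__ == "__main__":
    print(find_deprecated_filters(SAMPLE_WEB_XML))
```

Filters registered programmatically or through annotations do not appear in web.xml, so an empty result from the descriptor alone does not rule out their use.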