-------------------------------------------------------------------------
Debian LTS Advisory DLA-3780-1                debian-lts@lists.debian.org
https://www.debian.org/lts/security/                      Markus Koschany
April 06, 2024                                https://wiki.debian.org/LTS
-------------------------------------------------------------------------

Package        : jetty9
Version        : 9.4.50-4+deb10u2
CVE ID         : CVE-2024-22201
Debian Bug     : 1064923

Jetty 9 is a Java based web server and servlet engine.

It was discovered that remote attackers may leave many HTTP/2 connections
in ESTABLISHED state (not closed), TCP congested and idle. Eventually the
server will stop accepting new connections from valid clients which can
cause a denial of service.

For Debian 10 buster, this problem has been fixed in version
9.4.50-4+deb10u2.

We recommend that you upgrade your jetty9 packages.

For the detailed security status of jetty9 please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/jetty9

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
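The symptom described above (many ESTABLISHED connections that stay open while TCP is congested) can be looked for on a server that has not yet been upgraded. The following is an added example, not part of the advisory or of Jetty: it reads `ss -tn` output and flags peers with several established connections to the listener whose Send-Q is non-empty. The port 8443, the threshold of 3, the function names and the sample lines are assumptions made for illustration.

```shell
#!/bin/sh
# Added example, not part of the advisory. Heuristic: a peer holding several
# ESTABLISHED connections to Jetty with a non-empty server-side Send-Q.
# Assumptions: listener port 8443, threshold 3, default `ss -tn` columns.
JETTY_PORT="${JETTY_PORT:-8443}"
THRESHOLD="${THRESHOLD:-3}"

# Reads `ss -tn` output on stdin.
# Prints "peer_ip total_connections stalled_connections" for each flagged peer.
stalled_peers() {
    awk -v port="$JETTY_PORT" -v min="$THRESHOLD" '
        $1 != "ESTAB" { next }              # skip header, LISTEN and other states
        {
            n = split($4, loc, ":")         # local port is the last piece
            if (loc[n] != port) next        # not the Jetty listener
            peer = $5
            sub(/:[0-9]+$/, "", peer)       # drop the peer source port
            total[peer]++
            if ($3 + 0 > 0) stalled[peer]++ # Send-Q > 0: peer is not draining data
        }
        END {
            for (p in total)
                if (stalled[p] + 0 >= min)
                    print p, total[p], stalled[p] + 0
        }' | sort
}

# Constructed sample input (documentation addresses, not real traffic).
sample_ss_output() {
    cat <<'EOF'
State   Recv-Q  Send-Q   Local Address:Port    Peer Address:Port
LISTEN  0       50       0.0.0.0:8443          0.0.0.0:*
ESTAB   0       0        192.0.2.10:8443       198.51.100.7:51234
ESTAB   0       1448     192.0.2.10:8443       198.51.100.7:51240
ESTAB   0       65160    192.0.2.10:8443       203.0.113.5:40001
ESTAB   0       65160    192.0.2.10:8443       203.0.113.5:40002
ESTAB   0       43440    192.0.2.10:8443       203.0.113.5:40003
ESTAB   0       65160    192.0.2.10:8443       203.0.113.5:40004
ESTAB   0       36       192.0.2.10:22         203.0.113.5:40100
EOF
}

sample_ss_output | stalled_peers
```

On a live host the same function takes `ss -tn | stalled_peers`; a non-empty Send-Q at a single instant is only a hint, so repeated samples showing the same peer are more meaningful.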