==========================================================================
Ubuntu Security Notice USN-4561-1
September 30, 2020
ruby-rack vulnerabilities
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 18.04 LTS
Summary:
Rack could be made to expose sensitive information over the network.
Software Description:
- ruby-rack: modular Ruby webserver interface
Details:
It was discovered that Rack incorrectly handled certain paths. An attacker
could possibly use this issue to obtain sensitive information.
(CVE-2020-8161)
It was discovered that Rack incorrectly validated cookies. An attacker
could possibly use this issue to forge a secure cookie. (CVE-2020-8184)
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 18.04 LTS:
ruby-rack 1.6.4-4ubuntu0.2
In general, a standard system update will make all the necessary changes.
References:
https://usn.ubuntu.com/4561-1
CVE-2020-8161, CVE-2020-8184
Package Information:
https://launchpad.net/ubuntu/+source/ruby-rack/1.6.4-4ubuntu0.2
No comments:
Post a Comment