Sunday, August 18, 2024

[USN-6837-2] Rack vulnerabilitie

-----BEGIN PGP SIGNATURE-----

wsD5BAABCAAjFiEEkd98mdFcnQdP7vQkuGrtzot7pOcFAmbCqe4FAwAAAAAACgkQuGrtzot7pOcH
OQv+M54HM/QNo2ZatIGWUd6sg1V/m7zN53CLZ3xgyfMqw9G+6CrkfhTczXi2KLwZ721AwqrmMsse
mgjFLAiaNOMX725AeFA8ANrKW/eEld2f4uSA3WohfTfgmz1iRz8RArvmmyYPNfS8e7TapTekVqgU
tquveNsrPCba47KJxbz2QY3LSVYa9dP7DCr+i/7rb5vkO5dwnW8mDnWa9l6cq3KuwP0BFv+2qf7t
Yn5TaM3tnVpWLBHEZVhNiAF09iq/ZZoFiqHW0l5Wqu+snu1RKMIlNZVWwIxKxx7bBBneqkorqW/G
M4xqm4rVkP5O2Oyjk2NMeeB/qJ9M8A1QnrVjFW8vq4nY8VHtgrzlwGAqzh1R43yvZnibsya9j4xl
afOVXrPBTkBMuI2NI814KaKw8VtVrxYAGqBxnZwgEC1AxL0fT+D105509YH7uQrBuklFkoCiWDn+
FmMOEFZa+GSyD083pV+qCX6cUGiKDtYSqOcQwvcnpLq7fYdei0JywXY1mUGv
=Fgj1
-----END PGP SIGNATURE----- 

==========================================================================  Ubuntu Security Notice USN-6837-2  August 19, 2024    ruby-rack vulnerabilities  ==========================================================================    A security issue affects these releases of Ubuntu and its derivatives:    - Ubuntu 22.04 LTS  - Ubuntu 20.04 LTS  - Ubuntu 18.04 LTS  - Ubuntu 16.04 LTS  - Ubuntu 14.04 LTS    Summary:    Several security issues were fixed in Rack.    Software Description:  - ruby-rack: modular Ruby webserver interface    Details:    It was discovered that Rack incorrectly parsed certain media types. A  remote attacker could possibly use this issue to cause Rack to consume  resources, leading to a denial of service. This issue only affected   Ubuntu 20.04 LTS and Ubuntu 22.04 LTS. (CVE-2024-25126)    It was discovered that Rack incorrectly handled certain Range headers. A  remote attacker could possibly use this issue to cause Rack to create   large responses, leading to a denial of service. (CVE-2024-26141)    It was discovered that Rack incorrectly handled certain crafted headers. A  remote attacker could possibly use this issue to cause Rack to consume  resources, leading to a denial of service. (CVE-2024-26146)    Update instructions:    The problem can be corrected by updating your system to the following  package versions:    Ubuntu 22.04 LTS    ruby-rack                       2.1.4-5ubuntu1+	5                                    Available with Ubuntu Pro    Ubuntu 20.04 LTS    ruby-rack                       2.0.7-2ubuntu0.1+esm5                                    Available with Ubuntu Pro    Ubuntu 18.04 LTS    ruby-rack                       1.6.4-4ubuntu0.2+esm6                                    Available with Ubuntu Pro    Ubuntu 16.04 LTS    ruby-rack                       1.6.4-3ubuntu0.2+esm6                                    Available with Ubuntu Pro    Ubuntu 14.04 LTS    ruby-rack                       1.5.2-3+deb8u3ubuntu1~esm8                                    Available with Ubuntu Pro    After a standard system update you need to restart any applications using  Rack to make all the necessary changes.    References:    https://ubuntu.com/security/notices/USN-6837-2    https://ubuntu.com/security/notices/USN-6837-1    CVE-2024-25126, CVE-2024-26141, CVE-2024-26146

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)