Tuesday, September 24, 2024

[USN-7031-1] Puma vulnerability

==========================================================================
Ubuntu Security Notice USN-7031-1
September 24, 2024

puma vulnerability
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 24.04 LTS

Summary:

Puma could be made to overwrite headers if it received specially crafted
network traffic.

Software Description:
- puma: threaded HTTP 1.1 server for Ruby/Rack applications

Details:

It was discovered that Puma incorrectly handled parsing certain headers.
A remote attacker could possibly use this issue to overwrite header values
set by intermediate proxies by providing duplicate headers containing
underscore characters.
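
The collision described above, as an added Ruby example (not Puma's code and not the patch shipped in this update): CGI/Rack-style servers turn header names into environment keys by upcasing them and replacing hyphens with underscores, so a hyphenated and an underscore spelling land on the same key. The last-write-wins `naive_env` is a simplified model assumed for illustration; all function names and sample values are constructed.

```ruby
# Added illustration; not Puma's implementation or its fix.

# CGI/Rack-style env key: "X-Forwarded-For" -> "HTTP_X_FORWARDED_FOR".
def env_key(name)
  "HTTP_" + name.upcase.tr("-", "_")
end

# Env keys reached by both an underscore spelling and a spelling
# without underscores, i.e. the ambiguous case from the advisory.
def colliding_keys(headers)
  by_key = Hash.new { |h, k| h[k] = [] }
  headers.each { |name, _| by_key[env_key(name)] << name }
  by_key.select do |_, names|
    names.any? { |n| n.include?("_") } && names.any? { |n| !n.include?("_") }
  end.keys
end

# Simplified model (assumption): the last header written to a key wins.
def naive_env(headers)
  headers.each_with_object({}) { |(name, value), env| env[env_key(name)] = value }
end

# Defensive handling: on a collision, drop the underscore spelling so the
# hyphenated header (the form a proxy normally sets) is the one that survives.
# Underscore headers that collide with nothing are left alone.
def filtered_env(headers)
  collisions = colliding_keys(headers)
  kept = headers.reject do |name, _|
    name.include?("_") && collisions.include?(env_key(name))
  end
  naive_env(kept)
end

# Constructed sample request headers, in arrival order.
SAMPLE = [
  ["Host", "app.example"],
  ["X-Forwarded-For", "203.0.113.7"],   # value set by the proxy
  ["X_Forwarded_For", "198.51.100.9"],  # duplicate with underscores
  ["X_Custom", "1"],                    # underscore name, no collision
].freeze

if __FILE__ == $PROGRAM_NAME
  puts "colliding keys: #{colliding_keys(SAMPLE).inspect}"
  puts "naive:    #{naive_env(SAMPLE)['HTTP_X_FORWARDED_FOR']}"
  puts "filtered: #{filtered_env(SAMPLE)['HTTP_X_FORWARDED_FOR']}"
end
```

The same `colliding_keys` check can be run over logged request headers to spot requests that carry both spellings of a proxy-controlled header.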

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 24.04 LTS
puma 6.4.2-4ubuntu4.3

In general, a standard system update will make all the necessary changes.

References:
https://ubuntu.com/security/notices/USN-7031-1
CVE-2024-45614

Package Information:
https://launchpad.net/ubuntu/+source/puma/6.4.2-4ubuntu4.3
