Tuesday, October 8, 2024

[USN-7057-2] WEBrick vulnerability

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEUMSg3c8x5FLOsZtRZWnYVadEvpMFAmcFYJkACgkQZWnYVadE
vpNPcQ//VHl8ZF7BSXHNB78S24JuLI2c5kAVdDDs1fh0uq8QfsY3XLxjNuydvMOD
BgwOZA3pkUaey//20cx900+qolTL81nVh0ZXlelUEpd81BSz+BEFnGJTu2a2AUbp
RMdoRhucOifiLLg8nk5QjFSuSegr/zdwJ+PKN7k+fZ7Ll5SnYm3YaujImOrNtW/B
318LbWwzZ36X8yDD80UQKJ7j6l4kq/IWa0zB9nHbP/1eSgtWuERpN0MnBOIaGlJR
kz095SnqHsiBb3AYsRuLH5D6rsAoCKCLeo0L2VgN4d52BAeG+kskymGeSdl/WQjq
/9nszZ0SYzzBiBgkZOaQAakvz4jMxBwVO6m2mXTBXfSgJ1FTXcQbFH9QAI2PSlYE
OR3w/zk48ToyrdgnOKi1I41GjTJkpfnhvNqkXETlzGTFZa9rwbZcx3nd5H/Ryj1P
Kk0/ISymQHqsPwpVL38Ab6JmtgDXjFs+cUAPDm39YPqSJSSslXrPIwU6tH/8kYwc
PclMdjg7IxeH/m52psdzWIcvxdpoW+hQvnHC3kIW/oRVCZo019bnNUNS9eHQLzUJ
QHo2cJ8EsSDU2GRVUmxoCwi57AsQ1D33Ed+XPrsWSbnKgsN+VDQnU/YG1nA3iCxk
5WDKU9GNnYv9ow93hgyR1nrZBd2zN3vB8v3eZ4HktA8dtgy34m4=
=c9/6
-----END PGP SIGNATURE-----
==========================================================================
Ubuntu Security Notice USN-7057-2
October 08, 2024

ruby-webrick vulnerability
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 22.04 LTS

Summary:

WEBrick could allow a HTTP request smuggling attack.

Software Description:
- ruby-webrick: HTTP server toolkit in Ruby

Details:

USN-7057-1 fixed a vulnerability in WEBrick. This update provides the
corresponding updates for Ubuntu 22.04 LTS.

Original advisory details:

It was discovered that WEBrick incorrectly handled having both a Content-
Length header and a Transfer-Encoding header. A remote attacker could
possibly use this issue to perform a HTTP request smuggling attack.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 22.04 LTS
ruby-webrick 1.7.0-3ubuntu0.1

In general, a standard system update will make all the necessary changes.

References:
https://ubuntu.com/security/notices/USN-7057-2
https://ubuntu.com/security/notices/USN-7057-1
CVE-2024-47220

Package Information:
https://launchpad.net/ubuntu/+source/ruby-webrick/1.7.0-3ubuntu0.1

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)