Package "ruby-rack"
Name: |
ruby-rack
|
Description: |
modular Ruby webserver interface
|
Latest version: |
2.1.4-5ubuntu1.1 |
Release: |
jammy (22.04) |
Level: |
updates |
Repository: |
universe |
Homepage: |
https://rack.github.io/ |
Links
Download "ruby-rack"
Other versions of "ruby-rack" in Jammy
Changelog
ruby-rack (2.1.4-5ubuntu1.1) jammy-security; urgency=high
* SECURITY UPDATE: Outstanding CVEs patched upstream (LP: #2078711)
- Following patches ported from debian bullseye (2.1.4-3+deb11u2)
- CVE-2024-25126: ReDoS in Content Type header parsing
- CVE-2024-26141: Reject Range headers which are too large
- CVE-2024-26146: ReDoS in Accept header parsing
- CVE-2022-30122: Add patch to restrict broken mime parsing.
- CVE-2022-30123: Add patch to escape untrusted text when logging.
- CVE-2022-44570: Add patch to fix ReDoS in Rack::Utils.get_byte_ranges.
- CVE-2022-44571: Add patch to fix ReDoS vulnerability in multipart parser.
- CVE-2022-44572: Add patch to forbid control characters in attributes.
- CVE-2023-27530: Add patch to limit all multipart parts, not just files.
- CVE-2023-27539: Add patch to avoid ReDoS problem.
* Build test fix [ Bruce Cable <email address hidden> ]
- fix-spec-mock-tests.patch: modifies expected value for build tests to
pass
-- Lissa Moriarty <email address hidden> Mon, 02 Sep 2024 15:46:12 +0100
|
2078711 |
Outstanding CVEs in ruby-rack |
CVE-2024-25126 |
Rack is a modular Ruby web server interface. Carefully crafted content type headers can cause Rack’s media type parser to take much longer than expec |
CVE-2024-26141 |
Rack is a modular Ruby web server interface. Carefully crafted Range headers can cause a server to respond with an unexpectedly large response. Respo |
CVE-2024-26146 |
Rack is a modular Ruby web server interface. Carefully crafted headers can cause header parsing in Rack to take longer than expected resulting in a p |
CVE-2022-30122 |
A possible denial of service vulnerability exists in Rack <2.0.9.1, <2.1.4.1 and <2.2.3.1 in the multipart parsing component of Rack. |
CVE-2022-30123 |
A sequence injection vulnerability exists in Rack <2.0.9.1, <2.1.4.1 and <2.2.3.1 which could allow is a possible shell escape in the Lint and Common |
CVE-2022-44570 |
A denial of service vulnerability in the Range header parsing component of Rack >= 1.5.0. A Carefully crafted input can cause the Range header parsin |
CVE-2022-44571 |
There is a denial of service vulnerability in the Content-Disposition parsingcomponent of Rack fixed in 2.0.9.2, 2.1.4.2, 2.2.4.1, 3.0.0.1. This coul |
CVE-2022-44572 |
A denial of service vulnerability in the multipart parsing component of Rack fixed in 2.0.9.2, 2.1.4.2, 2.2.4.1 and 3.0.0.1 could allow an attacker t |
CVE-2023-27530 |
A DoS vulnerability exists in Rack <v3.0.4.2, <v2.2.6.3, <v2.1.4.3 and <v2.0.9.3 within in the Multipart MIME parsing code in which could allow an at |
|
About
-
Send Feedback to @ubuntu_updates