UbuntuUpdates.org

Package "ruby-rack"

Name: ruby-rack

Description:

modular Ruby webserver interface

Latest version: 2.2.4-3ubuntu0.2
Release: mantic (23.10)
Level: security
Repository: main
Homepage: https://rack.github.io/

Links


Download "ruby-rack"


Other versions of "ruby-rack" in Mantic

Repository Area Version
base main 2.2.4-3
updates main 2.2.4-3ubuntu0.2

Changelog

Version: 2.2.4-3ubuntu0.2 2024-06-17 20:07:25 UTC

  ruby-rack (2.2.4-3ubuntu0.2) mantic-security; urgency=medium

  * SECURITY UPDATE: DoS in Multipart MIME parsing code
    - debian/patches/CVE-2023-27530.patch: limit all multipart parts, not
      just files in README.rdoc, lib/rack/multipart/parser.rb,
      lib/rack/utils.rb, test/spec_multipart.rb, test/spec_request.rb.
    - CVE-2023-27530
  * SECURITY UPDATE: DoS via crafted content type headers
    - debian/patches/CVE-2024-25126.patch: avoid 2nd degree polynomial
      regexp in MediaType in lib/rack/media_type.rb.
    - CVE-2024-25126

 -- Marc Deslauriers <email address hidden> Fri, 14 Jun 2024 13:20:04 -0400

Source diff to previous version
CVE-2023-27530 A DoS vulnerability exists in Rack <v3.0.4.2, <v2.2.6.3, <v2.1.4.3 and <v2.0.9.3 within in the Multipart MIME parsing code in which could allow an at
CVE-2024-25126 Rack is a modular Ruby web server interface. Carefully crafted content type headers can cause Rack’s media type parser to take much longer than expec

Version: 2.2.4-3ubuntu0.1 2024-03-12 13:06:58 UTC

  ruby-rack (2.2.4-3ubuntu0.1) mantic-security; urgency=medium

  * SECURITY UPDATE: Denial of service
    - debian/patches/CVE-2023-27539.patch: avoid ReDos
      in lib/rack/request.rb.
    - CVE-2023-27539
  * SECURITY UPDATE: Denial of service
    - debian/parches/CVE-2024-26141.patch: return an empty array
      when ranges are too large in lib/rack/utils.rb.
    - CVE-2024-26141
  * SECURITY UPDATE: Denial of service
    - debian/patches/CVE-2024-26146.patch: Fixing ReDoS in header parsing
      in lib/rack/utils.rb.
    - CVE-2024-26146

 -- Leonidas Da Silva Barbosa <email address hidden> Tue, 05 Mar 2024 13:42:47 -0300

CVE-2024-26141 Rack is a modular Ruby web server interface. Carefully crafted Range headers can cause a server to respond with an unexpectedly large response. Respo
CVE-2024-26146 Rack is a modular Ruby web server interface. Carefully crafted headers can cause header parsing in Rack to take longer than expected resulting in a p



About   -   Send Feedback to @ubuntu_updates