Alerts This Week
Warning Icon 1 637
Alerts This Week
Warning Icon 1 637

Debian 8: DLA-2216-1 Moderate: Ruby-Rack Directory Traversal Issue

debian lts
Calendar Grey May 22, 2020
Dist Debian Esm H88
The ruby-rack package has been revised to address a potential directory traversal vulnerability on Debian 8. It is advisable to upgrade for enhanced security.
There was a possible directory traversal vulnerability in the Rack::Directory app that is bundled with Rack
Topics%20covered

Topics Covered

security advisory debian directory traversal ruby rack

Summary

If certain directories exist in a director that is managed by
`Rack::Directory`, an attacker could, using this vulnerability,
read the contents of files on the server that were outside of
the root specified in the Rack::Directory initializer.

For Debian 8 "Jessie", this problem has been fixed in version
1.5.2-3+deb8u3.

We recommend that you upgrade your ruby-rack packages.

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS


Best,
Utkarsh


Package: ruby-rack
Version: 1.5.2-3+deb8u3
CVE ID: CVE-2020-8161

Topics%20covered

Topics Covered

security advisory debian directory traversal ruby rack

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Related News

Your message here