Debian LTS: DLA-3360-1: ruby-sidekiq security update | LinuxSecurit...

What Are You Looking For?

Popular Tags

Contribute

- -----------------------------------------------------------------------
Debian LTS Advisory DLA-3360-1              [email protected]
https://www.debian.org/lts/security/                      Utkarsh Gupta
March 13, 2023                              https://wiki.debian.org/LTS
- -----------------------------------------------------------------------

Package        : ruby-sidekiq
Version        : 5.2.3+dfsg-1+deb10u1
CVE ID         : CVE-2021-30151 CVE-2022-23837
Debian Bug     : 987354 1004193

ruby-sidekiq, a simple, efficient background processing for Ruby,
had a couple of vulnerabilities as follows:

CVE-2021-30151

    Sidekiq allows XSS via the queue name of the live-poll feature
    when Internet Explorer is used.

CVE-2022-23837

    In api.rb in Sidekiq, there is no limit on the number of days
    when requesting stats for the graph. This overloads the system,
    affecting the Web UI, and makes it unavailable to users.

For Debian 10 buster, these problems have been fixed in version
5.2.3+dfsg-1+deb10u1.

We recommend that you upgrade your ruby-sidekiq packages.

For the detailed security status of ruby-sidekiq please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/ruby-sidekiq

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS

Debian LTS: DLA-3360-1: ruby-sidekiq security update

March 12, 2023
ruby-sidekiq, a simple, efficient background processing for Ruby, had a couple of vulnerabilities as follows: CVE-2021-30151

Summary

CVE-2021-30151

Sidekiq allows XSS via the queue name of the live-poll feature
when Internet Explorer is used.

CVE-2022-23837

In api.rb in Sidekiq, there is no limit on the number of days
when requesting stats for the graph. This overloads the system,
affecting the Web UI, and makes it unavailable to users.

For Debian 10 buster, these problems have been fixed in version
5.2.3+dfsg-1+deb10u1.

We recommend that you upgrade your ruby-sidekiq packages.

For the detailed security status of ruby-sidekiq please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/ruby-sidekiq

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS


Severity
Package : ruby-sidekiq
Version : 5.2.3+dfsg-1+deb10u1
CVE ID : CVE-2021-30151 CVE-2022-23837
Debian Bug : 987354 1004193

Related News

Citrix Fixes Severe Flaws in Workspace, Virtual Apps and Desktops

Microsoft Edge Beta Expands Enhanced Security Mode to macOS and Linux

New Mirai Malware Variant Infects Linux Devices to Build DDoS Botnet

Open Source 2022 Wins and Losses

News

Advisories

HOWTOs

Features

Interview with Guardian Digital CEO Dave Wreski: Open Source Utilization in Email Security Solutions & More
Verifying Linux Server Security: What Every Admin Needs to Know
What Linux, Windows & Mac OS Users Need to Know About VPNs
Complete Guide to Vulnerability Basics
How To Get Live Updates on Critical Linux Security Advisories

About Us

Powered By

Footer Logo

We use cookies to provide and improve our services. By using our site, you consent to our Cookie Policy. 

Learn More About Our Cookie Policy