MGASA-2020-0423 - Updated ruby packages fix a security vulnerability

Publication date: 13 Nov 2020
Type: security
Affected Mageia releases: 7
CVE: CVE-2020-25613

A potential HTTP request smuggling vulnerability in WEBrick was reported.
WEBrick was too tolerant against an invalid Transfer-Encoding header. This may
lead to inconsistent interpretation between WEBrick and some HTTP proxy
servers, which may allow the attacker to “smuggle” a request (CVE-2020-25613).


- 7/core/ruby-2.5.8-22.mga7