Alerts This Week
Warning Icon 1 560
Alerts This Week
Warning Icon 1 560

openSUSE Leap 15.5: SUSE-SU-2024:0765-1 Important Denial-of-Service

opensuse
Calendar Grey March 5, 2024
Dist Opensuse Esm H88
The latest release of rubygem-rack fixes severe denial-of-service vulnerabilities. Detailed installation instructions are included.
This update for rubygem-rack fixes the following issues: CVE-2024-25126: Fixed a denial-of-service vulnerability in Rack Content-Type parsing (bsc#1220239).

Description

This update for rubygem-rack fixes the following issues:

* CVE-2024-25126: Fixed a denial-of-service vulnerability in Rack Content-Type

parsing (bsc#1220239).

* CVE-2024-26141: Fixed a denial-of-service vulnerability in Range request

header parsing (bsc#1220242).

* CVE-2024-26146: Fixed a denial-of-service vulnerability in Rack headers

parsing routine (bsc#1220248).

Topics%20covered

Topics Covered

security advisory software update denial-of-service openSUSE rubygem-rack

Patch

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like

YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

* openSUSE Leap 15.5

zypper in -t patch openSUSE-SLE-15.5-2024-765=1

* SUSE Linux Enterprise High Availability Extension 15 SP2

zypper in -t patch SUSE-SLE-Product-HA-15-SP2-2024-765=1

* SUSE Linux Enterprise High Availability Extension 15 SP3

zypper in -t patch SUSE-SLE-Product-HA-15-SP3-2024-765=1

* SUSE Linux Enterprise High Availability Extension 15 SP4

zypper in -t patch SUSE-SLE-Product-HA-15-SP4-2024-765=1

* SUSE Linux Enterprise High Availability Extension 15 SP5

zypper in -t patch SUSE-SLE-Product-HA-15-SP5-2024-765=1

Package List

* openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64)

* ruby2.5-rubygem-rack-doc-2.0.8-150000.3.21.2

* ruby2.5-rubygem-rack-testsuite-2.0.8-150000.3.21.2

* ruby2.5-rubygem-rack-2.0.8-150000.3.21.2

* SUSE Linux Enterprise High Availability Extension 15 SP2 (aarch64 ppc64le

s390x x86_64)

* ruby2.5-rubygem-rack-2.0.8-150000.3.21.2

* SUSE Linux Enterprise High Availability Extension 15 SP3 (aarch64 ppc64le

s390x x86_64)

* ruby2.5-rubygem-rack-2.0.8-150000.3.21.2

* SUSE Linux Enterprise High Availability Extension 15 SP4 (aarch64 ppc64le

s390x x86_64)

* ruby2.5-rubygem-rack-2.0.8-150000.3.21.2

* SUSE Linux Enterprise High Availability Extension 15 SP5 (aarch64 ppc64le

s390x x86_64)

* ruby2.5-rubygem-rack-2.0.8-150000.3.21.2

References

* bsc#1220239

* bsc#1220242

* bsc#1220248

## References:

* https://www.suse.com/security/cve/CVE-2024-25126.html

* https://www.suse.com/security/cve/CVE-2024-26141.html

* https://www.suse.com/security/cve/CVE-2024-26146.html

* https://bugzilla.suse.com/show_bug.cgi?id=1220239

* https://bugzilla.suse.com/show_bug.cgi?id=1220242

* https://bugzilla.suse.com/show_bug.cgi?id=1220248

Severity
important
Lowest
Low
Medium
High
Critical

Announcement ID: SUSE-SU-2024:0765-1
Rating: important

Topics%20covered

Topics Covered

security advisory software update denial-of-service openSUSE rubygem-rack

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Related News

Your message here