DEBIAN: 2023: Critical Django Security Patch Released for 2021-2

suse

May 4, 2022

An update that fixes three vulnerabilities is now available

Summary

This update for rubygem-puma fixes the following issues: rubygem-puma was updated to version 4.3.11: * CVE-2021-29509: Adjusted an incomplete fix for allows Denial of Service (DoS) (bsc#1188527) * CVE-2021-41136: Fixed request smuggling if HTTP header value contains the LF character (bsc#1191681) * CVE-2022-23634: Fixed information leak between requests (bsc#1196222) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 15.4: zypper in -t patch openSUSE-SLE-15.4-2022-1515=1 - openSUSE Leap 15.3: zypper in -t patch openSUSE-SLE-15.3-2022-1515=1 - SUSE Linux Enterprise High Availability 15-SP4:

Topics Covered

security advisory denial of service information leak important SUSE request smuggling rubygem-puma

References

#1188527 #1191681 #1196222

Cross- CVE-2021-29509 CVE-2021-41136 CVE-2022-23634

CVSS scores:

CVE-2021-29509 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CVE-2021-29509 (SUSE): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CVE-2021-41136 (NVD) : 3.7 CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:N

CVE-2021-41136 (SUSE): 3.7 CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:N

CVE-2022-23634 (NVD) : 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

Affected Products:

SUSE Linux Enterprise High Availability 15

SUSE Linux Enterprise High Availability 15-SP1

SUSE Linux Enterprise High Availability 15-SP2

SUSE Linux Enterprise High Availability 15-SP3

SUSE Linux Enterprise High Availability 15-SP4

SUSE Linux Enterprise High Performance Computing 15

Severity

important

Lowest

Low

Medium

High

Critical

Announcement ID: SUSE-SU-2022:1515-1

Rating: important

Topics Covered

security advisory denial of service information leak important SUSE request smuggling rubygem-puma

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Powered By

Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases

QUICK LINKS

subscribe to newsletters!

Like staying secure? So do we.
Sign up for updates, tips, and alerts!

Topics Covered

Topics Covered

Search News & Updates

Recent Searches

Search Advisories & Updates

Recent Searches

Get the latest News and Insights

Our Top Picks

DEBIAN: 2023: Critical Django Security Patch Released for 2021-2

Summary

Topics Covered

References

Topics Covered

Get the latest News and Insights

Related News

Powered By

Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases

QUICK LINKS

subscribe to newsletters!

Topics Covered

Topics Covered

Search News & Updates

Recent Searches

Search Advisories & Updates

Recent Searches

Get the latest News and Insights

Our Top Picks

DEBIAN: 2023: Critical Django Security Patch Released for 2021-2

Summary

Topics Covered

References

Topics Covered

Get the latest News and Insights

Related Articles

Related News

Powered By

Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases

QUICK LINKS

subscribe to newsletters!