========================================================================== Ubuntu Security Notice USN-5896-1 February 27, 2023 ruby-rack vulnerabilities ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 22.04 LTS - Ubuntu 20.04 LTS - Ubuntu 18.04 LTS Summary: Several security issues were fixed in Rack. Software Description: - ruby-rack: modular Ruby webserver interface Details: It was discovered that Rack was not properly parsing data when processing multipart POST requests. If a user or automated system were tricked into sending a specially crafted multipart POST request to an application using Rack, a remote attacker could possibly use this issue to cause a denial of service. (CVE-2022-30122) It was discovered that Rack was not properly escaping untrusted data when performing logging operations, which could cause shell escaped sequences to be written to a terminal. If a user or automated system were tricked into sending a specially crafted request to an application using Rack, a remote attacker could possibly use this issue to execute arbitrary code in the machine running the application. (CVE-2022-30123) Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 22.04 LTS: ruby-rack 2.1.4-5ubuntu1+esm2 Ubuntu 20.04 LTS: ruby-rack 2.0.7-2ubuntu0.1+esm2 Ubuntu 18.04 LTS: ruby-rack 1.6.4-4ubuntu0.2+esm2 After a standard system update you need to restart any applications using Rack to make all the necessary changes. References: https://ubuntu.com/security/notices/USN-5896-1 CVE-2022-30122, CVE-2022-30123 Package Information:
Ubuntu 5896-1: Rack vulnerabilities
February 27, 2023
Several security issues were fixed in Rack.
Summary
A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 22.04 LTS - Ubuntu 20.04 LTS - Ubuntu 18.04 LTS Summary: Several security issues were fixed in Rack. Software Description: - ruby-rack: modular Ruby webserver interface Details: It was discovered that Rack was not properly parsing data when processing multipart POST requests. If a user or automated system were tricked into sending a specially crafted multipart POST request to an application using Rack, a remote attacker could possibly use this issue to cause a denial of service. (CVE-2022-30122) It was discovered that Rack was not properly escaping untrusted data when performing logging operations, which could cause shell escaped sequences to be written to a terminal. If a user or automated system were tricked into sending a specially crafted request to an application using Rack, a remote attacker could possibly use this issue to execute arbitrary code in the machine running the application. (CVE-2022-30123)
Update Instructions
The problem can be corrected by updating your system to the following package versions: Ubuntu 22.04 LTS: ruby-rack 2.1.4-5ubuntu1+esm2 Ubuntu 20.04 LTS: ruby-rack 2.0.7-2ubuntu0.1+esm2 Ubuntu 18.04 LTS: ruby-rack 1.6.4-4ubuntu0.2+esm2 After a standard system update you need to restart any applications using Rack to make all the necessary changes.
References
https://ubuntu.com/security/notices/USN-5896-1
CVE-2022-30122, CVE-2022-30123
Severity
Ubuntu Security Notice USN-5896-1
Package Information
News
HOWTOs
Features
Best Linux Backup Solutions to Prevent Data Loss in A Ransomware Attack
ManageEngine Vulnerability Manager Plus: How To Protect Your Enterprise from Security Vulnerabilities
High-Impact DoS, Arbitrary Code Execution, Spoofing Bugs Fixed in Thunderbird 102.9.0
A Guide to Business Cybersecurity: Common Digital Attacks and Precautions
New Linux IceFire Ransomware Variant Discovered: What You Need to Know to Secure Your Systems
About Us
Powered By
