Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 523
Alerts This Week
Warning Icon 1 523

Ubuntu 24.04 LTS USN-6837-1 Moderate: Rack Denial Of Service

ubuntu
Calendar Grey June 17, 2024
Scroller Ubuntu
Multiple vulnerabilities impacting Ruby Rack in Ubuntu 24.04 LTS and 23.10 necessitate urgent action to ensure security.
Several security issues were fixed in Rack.

Summary

Several security issues were fixed in Rack.

Software Description:

- ruby-rack: modular Ruby webserver interface

Details:

It was discovered that Rack incorrectly handled Multipart MIME parsing. A

remote attacker could possibly use this issue to cause Rack to consume

resources, leading to a denial of service. This issue only affected Ubuntu

23.10. (CVE-2023-27530)

It was discovered that Rack incorrectly parsed certain media types. A

remote attacker could possibly use this issue to cause Rack to consume

resources, leading to a denial of service. (CVE-2024-25126)

It was discovered that Rack incorrectly handled certain Range headers. A

remote attacker could possibly use this issue to cause Rack to create large

responses, leading to a denial of service. This issue only affected Ubuntu

24.04 LTS. (CVE-2024-26141)

It was discovered that Rack incorrectly handled certain crafted headers. A

remote attacker could possibly use this issue to cause Rack to consume

re...

Read the Full Advisory

Update Instructions

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 24.04 LTS
   ruby-rack                       2.2.7-1ubuntu0.1

Ubuntu 23.10
   ruby-rack                       2.2.4-3ubuntu0.2

After a standard system update you need to restart any applications using
Rack to make all the necessary changes.

References

https://ubuntu.com/security/notices/USN-6837-1

CVE-2023-27530, CVE-2024-25126, CVE-2024-26141, CVE-2024-26146

Severity
important
Lowest
Low
Medium
High
Critical

Ubuntu Security Notice USN-6837-1

Package Information

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.