
Ubuntu 24.04 LTS USN-6837-1 Moderate: Rack Denial Of Service

Several security issues were fixed in Rack.
==========================================================================
Ubuntu Security Notice USN-6837-1
June 17, 2024

ruby-rack vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 24.04 LTS
- Ubuntu 23.10

Summary:

Several security issues were fixed in Rack.

Software Description:
- ruby-rack: modular Ruby webserver interface

Details:

It was discovered that Rack incorrectly handled Multipart MIME parsing. A
remote attacker could possibly use this issue to cause Rack to consume
resources, leading to a denial of service. This issue only affected Ubuntu
23.10. (CVE-2023-27530)

It was discovered that Rack incorrectly parsed certain media types. A
remote attacker could possibly use this issue to cause Rack to consume
resources, leading to a denial of service. (CVE-2024-25126)

It was discovered that Rack incorrectly handled certain Range headers. A
remote attacker could possibly use this issue to cause Rack to create large
responses, leading to a denial of service. This issue only affected Ubuntu
24.04 LTS. (CVE-2024-26141)

It was discovered that Rack incorrectly handled certain crafted headers. A
remote attacker could possibly use this issue to cause Rack to consume
resources, leading to a denial of service. This issue only affected Ubuntu
24.04 LTS. (CVE-2024-26146)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 24.04 LTS
   ruby-rack                       2.2.7-1ubuntu0.1

Ubuntu 23.10
   ruby-rack                       2.2.4-3ubuntu0.2

After a standard system update you need to restart any applications using
Rack to make all the necessary changes.
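
One way to check a host against the package versions listed above. This is an added example, not part of the Ubuntu notice; the function names are hypothetical, and it assumes it runs on the Ubuntu host itself, where dpkg is available:

```shell
#!/bin/sh
# Added example: compare an installed ruby-rack version with the fixed versions
# in USN-6837-1. Versions and per-release CVE lists are copied from the notice.

# usn6837_fixed_version RELEASE -> fixed package version, or non-zero if not listed
usn6837_fixed_version() {
    case "$1" in
        24.04) echo "2.2.7-1ubuntu0.1" ;;
        23.10) echo "2.2.4-3ubuntu0.2" ;;
        *) return 1 ;;
    esac
}

# usn6837_cves RELEASE -> CVEs the notice lists as affecting that release
usn6837_cves() {
    case "$1" in
        24.04) echo "CVE-2024-25126 CVE-2024-26141 CVE-2024-26146" ;;
        23.10) echo "CVE-2023-27530 CVE-2024-25126" ;;
        *) return 1 ;;
    esac
}

# usn6837_status RELEASE INSTALLED_VERSION
# prints "fixed", "vulnerable: <CVEs>", "not-installed" or "not-covered"
usn6837_status() {
    release=$1 installed=$2
    fixed=$(usn6837_fixed_version "$release") || { echo "not-covered"; return 0; }
    [ -n "$installed" ] || { echo "not-installed"; return 0; }
    # dpkg applies Debian version ordering, so "2.2.7-1" sorts below "2.2.7-1ubuntu0.1"
    if dpkg --compare-versions "$installed" ge "$fixed"; then
        echo "fixed"
    else
        echo "vulnerable: $(usn6837_cves "$release")"
    fi
}

# usn6837_check_host: read the release and the ruby-rack version from this machine
usn6837_check_host() {
    release=$(. /etc/os-release && echo "$VERSION_ID")
    installed=$(dpkg-query -W -f='${Version}' ruby-rack 2>/dev/null || true)
    usn6837_status "$release" "$installed"
}

# Run against the local host only when invoked as: sh script.sh --host
if [ "${1:-}" = "--host" ]; then usn6837_check_host; fi
```

A "fixed" result covers only the installed package; applications using Rack still need the restart described above before they load the updated code.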

References:
   https://ubuntu.com/security/notices/USN-6837-1
   CVE-2023-27530, CVE-2024-25126, CVE-2024-26141, CVE-2024-26146

Package Information:
   https://launchpad.net/ubuntu/+source/ruby-rack/2.2.7-1ubuntu0.1
   https://launchpad.net/ubuntu/+source/ruby-rack/2.2.4-3ubuntu0.2

Severity: important
