Rack could be made to consume resources and cause long delays if it processed certain input.
Software Description:
- ruby-rack: modular Ruby webserver interface
Details:
It was discovered that Rack incorrectly handled certain regular
expressions. A remote attacker could possibly use this issue to cause
Rack to consume resources, leading to a denial of service.
(CVE-2023-27539)

It was discovered that Rack incorrectly handled Multipart MIME parsing.
A remote attacker could possibly use this issue to cause Rack to consume
resources, leading to a denial of service. This issue only affected
Ubuntu 20.04 LTS and Ubuntu 22.04 LTS. (CVE-2023-27530)
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 22.04 LTS
  ruby-rack 2.1.4-5ubuntu1+esm4
  Available with Ubuntu Pro
Ubuntu 20.04 LTS
  ruby-rack 2.0.7-2ubuntu0.1+esm4
  Available with Ubuntu Pro
Ubuntu 18.04 LTS
  ruby-rack 1.6.4-4ubuntu0.2+esm5
  Available with Ubuntu Pro
Ubuntu 16.04 LTS
  ruby-rack 1.6.4-3ubuntu0.2+esm5
  Available with Ubuntu Pro
Ubuntu 14.04 LTS
  ruby-rack 1.5.2-3+deb8u3ubuntu1~esm7
  Available with Ubuntu Pro
After a standard system update you need to restart any applications using
Rack to make all the necessary changes.
References:
https://ubuntu.com/security/notices/USN-6905-1
CVE-2023-27530, CVE-2023-27539
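
One way to check a host against the fixed package versions listed in this notice. This is an added example, not part of the original advisory: the function names are hypothetical, and it assumes `dpkg`, `dpkg-query` and `/etc/os-release` are present on the host.

```shell
#!/bin/sh
# Added example: compare the installed ruby-rack version with the fixed
# version this notice lists for the running Ubuntu release.

# Fixed versions copied from the notice, keyed by VERSION_ID.
fixed_version_for() {
    case "$1" in
        22.04) echo "2.1.4-5ubuntu1+esm4" ;;
        20.04) echo "2.0.7-2ubuntu0.1+esm4" ;;
        18.04) echo "1.6.4-4ubuntu0.2+esm5" ;;
        16.04) echo "1.6.4-3ubuntu0.2+esm5" ;;
        14.04) echo "1.5.2-3+deb8u3ubuntu1~esm7" ;;
        *) return 1 ;;   # release not covered by this notice
    esac
}

# rack_status RELEASE INSTALLED_VERSION
# Prints one of: not-installed, unknown-release, fixed, vulnerable.
rack_status() {
    release=$1
    installed=$2
    [ -n "$installed" ] || { echo "not-installed"; return 0; }
    fixed=$(fixed_version_for "$release") || { echo "unknown-release"; return 0; }
    # dpkg applies Debian version ordering, so "~esm7" and "+esm4"
    # suffixes sort correctly (plain string comparison would not).
    if dpkg --compare-versions "$installed" ge "$fixed"; then
        echo "fixed"
    else
        echo "vulnerable"
    fi
}

# Read the release and installed version from the local host.
check_host() {
    host_release=$(. /etc/os-release && echo "$VERSION_ID")
    host_version=$(dpkg-query -W -f='${Version}' ruby-rack 2>/dev/null || true)
    rack_status "$host_release" "$host_version"
}

# Run the host check only when asked: sh check_rack.sh --check
if [ "${1:-}" = "--check" ]; then
    check_host
fi
```

A "fixed" result only confirms the package version; applications using Rack still need the restart described above before they load the updated code.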