Alerts This Week
Warning Icon 1 714
Alerts This Week
Warning Icon 1 714

Ubuntu 22.04 LTS USN-6905-1 Moderate: Rack Denial Of Service

ubuntu
Calendar Grey July 23, 2024
Dist Ubuntu Esm H88
Framework patches resolve security issues affecting resource allocation and service interruption across various releases of Ubuntu.

Rack could be made to consume resources and cause long delays if it processed certain input.

Summary

A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 22.04 LTS - Ubuntu 20.04 LTS - Ubuntu 18.04 LTS - Ubuntu 16.04 LTS - Ubuntu 14.04 LTS Summary: Rack could be made to consume resources and cause long delays if it processed certain input. Software Description: - ruby-rack: modular Ruby webserver interface Details: It was discovered that Rack incorrectly handled certain regular expressions. A remote attacker could possibly use this issue to cause Rack to consume resources, leading to a denial of service. (CVE-2023-27539) It was discovered that Rack incorrectly handled Multipart MIME parsing. A remote attacker could possibly use this issue to cause Rack to consume resources, leading to a denial of service. This issue only affected Ubuntu 20.04 LTS and Ubuntu 22.04 LTS. (CVE-2023-27530)

Topics%20covered

Topics Covered

security advisory denial of service security issue update instructions ubuntu resource exhaustion ruby rack

Update Instructions

The problem can be corrected by updating your system to the following package versions: Ubuntu 22.04 LTS ruby-rack 2.1.4-5ubuntu1+esm4 Available with Ubuntu Pro Ubuntu 20.04 LTS ruby-rack 2.0.7-2ubuntu0.1+esm4 Available with Ubuntu Pro Ubuntu 18.04 LTS ruby-rack 1.6.4-4ubuntu0.2+esm5 Available with Ubuntu Pro Ubuntu 16.04 LTS ruby-rack 1.6.4-3ubuntu0.2+esm5 Available with Ubuntu Pro Ubuntu 14.04 LTS ruby-rack 1.5.2-3+deb8u3ubuntu1~esm7 Available with Ubuntu Pro After a standard system update you need to restart any applications using Rack to make all the necessary changes.

References

https://ubuntu.com/security/notices/USN-6905-1

CVE-2023-27530, CVE-2023-27539

Severity
important
Lowest
Low
Medium
High
Critical

==========================================================================

Topics%20covered

Topics Covered

security advisory denial of service security issue update instructions ubuntu resource exhaustion ruby rack

Package Information

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here