
Ubuntu 22.04 LTS: USN-7036-1 moderate: ruby-rack denial of service

September 26, 2024
This update fixes several security flaws in ruby-rack on Ubuntu 22.04 LTS, including issues that could cause denial of service.

Summary

Several security issues were fixed in Rack.

Software Description:

- ruby-rack: modular Ruby webserver interface

Details:

It was discovered that Rack was not properly parsing data when processing
multipart POST requests. If a user or automated system were tricked into
sending a specially crafted multipart POST request to an application using
Rack, a remote attacker could possibly use this issue to cause a denial of
service. (CVE-2022-30122)

It was discovered that Rack was not properly escaping untrusted data when
performing logging operations, which could cause shell escape sequences
to be written to a terminal. If a user or automated system were tricked
into sending a specially crafted request to an application using Rack, a
remote attacker could possibly use this issue to execute arbitrary code on
the machine running the application. (CVE-2022-30123)
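
To illustrate the class of issue described for CVE-2022-30123, the following added example (not Rack's code and not the upstream fix) escapes request-derived fields before they are logged and checks existing log lines for raw control characters. The helper names and the sample request are constructed for illustration.

```ruby
# Added example, not Rack's code. Escapes request-derived values before
# they are written to a log that may later be viewed in a terminal.

# Control characters (Unicode category Cc: C0 incl. ESC/CR/LF, DEL, C1),
# plus the quote and backslash used to delimit and escape fields.
UNSAFE_IN_LOG = /[\p{Cc}"\\]/

# Returns the value as valid UTF-8 with every unsafe character replaced
# by a printable \xNN form, so a terminal never sees the raw byte.
def escape_log_field(value)
  text = value.to_s.dup.force_encoding(Encoding::UTF_8).scrub("?")
  text.gsub(UNSAFE_IN_LOG) { |ch| format("\\x%02x", ch.ord) }
end

# Builds one access-log line from standard Rack env keys.
def access_log_line(env)
  fields = env.values_at("REMOTE_ADDR", "REQUEST_METHOD", "PATH_INFO", "HTTP_USER_AGENT")
  format('%s "%s %s" ua="%s"', *fields.map { |v| escape_log_field(v) })
end

# Detection helper for existing logs: true if a line still carries a raw
# control character (a tab counts, so adapt this for tab-delimited logs).
def raw_control_chars?(line)
  line.chomp.scrub("?").match?(/\p{Cc}/)
end

# Constructed sample request: the path carries an ANSI escape sequence
# and a CR/LF pair that would otherwise start a forged log entry.
SAMPLE_ENV = {
  "REMOTE_ADDR" => "203.0.113.7",
  "REQUEST_METHOD" => "GET",
  "PATH_INFO" => "/search\e[2J\r\nfake entry",
  "HTTP_USER_AGENT" => "curl/8.0 \"x\"",
}.freeze

puts access_log_line(SAMPLE_ENV) if __FILE__ == $PROGRAM_NAME
```
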

It was discovered that Rack did not properly structure regular expressions
in some of its parsing compon...


Update Instructions

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 22.04 LTS
   ruby-rack                       2.1.4-5ubuntu1.1

After a standard system update you need to restart any applications using
Rack to make all the necessary changes.

References

  https://ubuntu.com/security/notices/USN-7036-1
  CVE-2022-30122, CVE-2022-30123, CVE-2022-44570, CVE-2022-44571,
  CVE-2022-44572, CVE-2023-27530, CVE-2023-27539, CVE-2024-25126,
  CVE-2024-26141, CVE-2024-26146
