Ubuntu 22.04 LTS: USN-7036-1 moderate: ruby-rack denial of service

September 26, 2024
Ubuntu 22.04 LTS has received a ruby-rack update that fixes several security flaws, including issues that could cause a denial of service.
Several security issues were fixed in Rack.

Summary

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 22.04 LTS

Summary: Several security issues were fixed in Rack.

Software Description:

- ruby-rack: modular Ruby webserver interface

Details:

It was discovered that Rack was not properly parsing data when processing multipart POST requests. If a user or automated system were tricked into sending a specially crafted multipart POST request to an application using Rack, a remote attacker could possibly use this issue to cause a denial of service. (CVE-2022-30122)

It was discovered that Rack was not properly escaping untrusted data when performing logging operations, which could cause shell escaped sequences to be written to a terminal. If a user or automated system were tricked into sending a specially crafted request to an application using Rack, a remote attacker could possibly use this issue to execute arbitrary code in the machine running the application. (CVE-2022-30123)

...
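The logging issue described for CVE-2022-30123 comes down to request-controlled bytes reaching a terminal or log viewer unescaped. The Ruby code below is an added example, not Rack's code or the Ubuntu patch: it escapes such fields before they are logged and finds lines in an existing log that still carry raw control bytes. The function names and sample strings are constructed for illustration.

```ruby
# Added example: not Rack's implementation and not the fix shipped in the update.

# Escape a request-derived value for a log line. Every byte outside printable
# ASCII becomes \xNN; backslash and double quote get a backslash prefix so the
# escaped form stays unambiguous inside key="value" fields.
def escape_log_field(value)
  escaped = value.to_s.b.gsub(/[^\x20-\x7E]|["\\]/) do |byte|
    if byte == "\\" || byte == '"'
      "\\#{byte}"
    else
      format("\\x%02X", byte.ord)
    end
  end
  escaped.force_encoding(Encoding::UTF_8) # result is pure ASCII
end

# Build one log line from a hash of field name => untrusted value.
def safe_log_line(fields)
  fields.map { |name, value| %(#{name}="#{escape_log_field(value)}") }.join(" ")
end

# Return the 1-based numbers of log lines that contain raw control bytes
# (tab excluded), i.e. lines that were written without escaping.
def lines_with_control_bytes(log_text)
  hits = []
  log_text.b.each_line.with_index(1) do |line, number|
    hits << number if line.chomp("\n").match?(/[\x00-\x08\x0A-\x1F\x7F]/)
  end
  hits
end

# Constructed sample values standing in for request-controlled fields.
SAMPLE_FIELDS = {
  "path"       => "/search?q=\e[31mred",        # terminal escape sequence
  "user_agent" => "curl/8.0\r\nforged entry",   # CR/LF line injection
  "referer"    => "https://example.test/caf\u00E9" # non-ASCII bytes
}.freeze

# Constructed sample log: line 2 was written without escaping.
SAMPLE_LOG = "GET /ok 200\nGET /\e[31mred 200\nGET /also-ok\t200\n".freeze

if __FILE__ == $PROGRAM_NAME
  puts safe_log_line(SAMPLE_FIELDS)
  puts "unescaped lines: #{lines_with_control_bytes(SAMPLE_LOG).inspect}"
end
```
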


Update Instructions

The problem can be corrected by updating your system to the following package versions:

Ubuntu 22.04 LTS
  ruby-rack  2.1.4-5ubuntu1.1

After a standard system update you need to restart any applications using Rack to make all the necessary changes.

References

  https://ubuntu.com/security/notices/USN-7036-1

  CVE-2022-30122, CVE-2022-30123, CVE-2022-44570, CVE-2022-44571,
  CVE-2022-44572, CVE-2023-27530, CVE-2023-27539, CVE-2024-25126,
  CVE-2024-26141, CVE-2024-26146
