Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 565
Alerts This Week
Warning Icon 1 565

Ubuntu 7057-2: WEBrick Security Advisory Updates

ubuntu
Calendar Grey October 8, 2024
Scroller Ubuntu
Ubuntu Security Notice USN-7057-2 updates for ruby-webrick addressing HTTP smuggling risks, effective October 2024.
WEBrick could allow a HTTP request smuggling attack.

Summary

WEBrick could allow a HTTP request smuggling attack.

Software Description:

- ruby-webrick: HTTP server toolkit in Ruby

Details:

USN-7057-1 fixed a vulnerability in WEBrick. This update provides the

corresponding updates for Ubuntu 22.04 LTS.

Original advisory details:

It was discovered that WEBrick incorrectly handled having both a Content-

Length header and a Transfer-Encoding header. A remote attacker could

possibly use this issue to perform a HTTP request smuggling attack.

Update Instructions

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 22.04 LTS
   ruby-webrick                    1.7.0-3ubuntu0.1

In general, a standard system update will make all the necessary changes.

References

https://ubuntu.com/security/notices/USN-7057-2

https://ubuntu.com/security/notices/USN-7057-1

CVE-2024-47220

Severity
important
Lowest
Low
Medium
High
Critical

Ubuntu Security Notice USN-7057-2

Topics%20covered

Topics Covered

No topics assigned

Package Information

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.