USN-4561-2

Source

https://ubuntu.com/security/notices/USN-4561-2

Import Source

https://github.com/canonical/ubuntu-security-notices/blob/main/osv/USN-4561-2.json

Related

Published

2021-04-06T11:13:44.383235Z

Modified

2021-04-06T11:13:44.383235Z

Summary

ruby-rack vulnerabilities

Details

USN-4561-1 fixed vulnerabilities in Rack. This update provides the corresponding update for Ubuntu 16.04 LTS, Ubuntu 20.04 LTS and Ubuntu 20.10.

Original advisory details:

It was discovered that Rack incorrectly handled certain paths. An attacker could possibly use this issue to obtain sensitive information. This issue only affected Ubuntu 16.04 LTS, Ubuntu 18.04 LTS and Ubuntu 20.04 LTS. (CVE-2020-8161)

It was discovered that Rack incorrectly validated cookies. An attacker could possibly use this issue to forge a secure cookie. (CVE-2020-8184)

References

Affected packages

Ubuntu:20.04:LTS / ruby-rack

Package

Name: ruby-rack

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0The exact introduced commit is unknown

Fixed

2.0.7-2ubuntu0.1

Ecosystem specific

{
    "availability": "No subscription needed",
    "binaries": [
        {
            "ruby-rack": "2.0.7-2ubuntu0.1"
        }
    ]
}

Ubuntu:16.04:LTS / ruby-rack

Package

Name: ruby-rack

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0The exact introduced commit is unknown

Fixed

1.6.4-3ubuntu0.2

Ecosystem specific

{
    "availability": "No subscription needed",
    "binaries": [
        {
            "ruby-rack": "1.6.4-3ubuntu0.2"
        }
    ]
}