USN-5910-1

Source

https://ubuntu.com/security/notices/USN-5910-1

Import Source

https://github.com/canonical/ubuntu-security-notices/blob/main/osv/USN-5910-1.json

Related

Published

2023-03-02T17:43:56.788349Z

Modified

2023-03-02T17:43:56.788349Z

Summary

ruby-rack vulnerabilities

Details

It was discovered that Rack did not properly structure regular expressions in some of its parsing components, which could result in uncontrolled resource consumption if an application using Rack received specially crafted input. A remote attacker could possibly use this issue to cause a denial of service. (CVE-2022-44570, CVE-2022-44571)

It was discovered that Rack did not properly structure regular expressions in its multipart parsing component, which could result in uncontrolled resource consumption if an application using Rack to parse multipart posts received specially crafted input. A remote attacker could possibly use this issue to cause a denial of service. This issue was only fixed in Ubuntu 20.04 ESM and Ubuntu 22.04 ESM. (CVE-2022-44572)

References

Affected packages

Ubuntu:Pro:20.04:LTS / ruby-rack

Package

Name: ruby-rack

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0The exact introduced commit is unknown

Fixed

2.0.7-2ubuntu0.1+esm3

Ecosystem specific

{
    "availability": "Available with Ubuntu Pro: https://ubuntu.com/pro",
    "binaries": [
        {
            "ruby-rack": "2.0.7-2ubuntu0.1+esm3"
        }
    ]
}

Ubuntu:Pro:22.04:LTS / ruby-rack

Package

Name: ruby-rack

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0The exact introduced commit is unknown

Fixed

2.1.4-5ubuntu1+esm3

Ecosystem specific

{
    "availability": "Available with Ubuntu Pro: https://ubuntu.com/pro",
    "binaries": [
        {
            "ruby-rack": "2.1.4-5ubuntu1+esm3"
        }
    ]
}

Ubuntu:Pro:14.04:LTS / ruby-rack

Package

Name: ruby-rack

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0The exact introduced commit is unknown

Fixed

1.5.2-3+deb8u3ubuntu1~esm6

Ecosystem specific

{
    "availability": "Available with Ubuntu Pro: https://ubuntu.com/pro",
    "binaries": [
        {
            "ruby-rack": "1.5.2-3+deb8u3ubuntu1~esm6",
            "librack-ruby": "1.5.2-3+deb8u3ubuntu1~esm6",
            "librack-ruby1.8": "1.5.2-3+deb8u3ubuntu1~esm6",
            "librack-ruby1.9.1": "1.5.2-3+deb8u3ubuntu1~esm6"
        }
    ]
}

Ubuntu:Pro:18.04:LTS / ruby-rack

Package

Name: ruby-rack

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0The exact introduced commit is unknown

Fixed

1.6.4-4ubuntu0.2+esm4

Ecosystem specific

{
    "availability": "Available with Ubuntu Pro: https://ubuntu.com/pro",
    "binaries": [
        {
            "ruby-rack": "1.6.4-4ubuntu0.2+esm4"
        }
    ]
}

Ubuntu:Pro:16.04:LTS / ruby-rack

Package

Name: ruby-rack

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0The exact introduced commit is unknown

Fixed

1.6.4-3ubuntu0.2+esm4

Ecosystem specific

{
    "availability": "Available with Ubuntu Pro: https://ubuntu.com/pro",
    "binaries": [
        {
            "ruby-rack": "1.6.4-3ubuntu0.2+esm4"
        }
    ]
}