-------------------------------------------------------------------------
Debian LTS Advisory DLA-3800-1                debian-...@lists.debian.org
https://www.debian.org/lts/security/                          Adrian Bunk
April 29, 2024                                https://wiki.debian.org/LTS
-------------------------------------------------------------------------

Package        : ruby-rack
Version        : 2.0.6-3+deb10u4
CVE ID         : CVE-2024-25126 CVE-2024-26141 CVE-2024-26146
Debian Bug     : 1064516

Multiple vulnerabilities were fixed in ruby-rack, an interface for
developing web applications in Ruby.

CVE-2024-25126

    ReDoS in Content Type header parsing

CVE-2024-26141

    Reject Range headers which are too large

CVE-2024-26146

    ReDoS in Accept header parsing

For Debian 10 buster, these problems have been fixed in version
2.0.6-3+deb10u4.

We recommend that you upgrade your ruby-rack packages.

For the detailed security status of ruby-rack please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/ruby-rack

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS