Security: Two problems in Rack (update)
Name: Two problems in Rack (update)
ID: USN-4561-2
Distribution: Ubuntu
Platforms: Ubuntu 16.04 LTS, Ubuntu 20.04 LTS, Ubuntu 20.10
Date: Tue, 6 April 2021, 22:43
References: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8184
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8161
Applications: RACK
Update of: Two problems in ruby-rack

Original message


==========================================================================
Ubuntu Security Notice USN-4561-2
April 06, 2021

ruby-rack vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 20.10
- Ubuntu 20.04 LTS
- Ubuntu 16.04 LTS

Summary:

Rack could be made to expose sensitive information over the network.

Software Description:
- ruby-rack: modular Ruby webserver interface

Details:

USN-4561-1 fixed vulnerabilities in Rack. This update provides the
corresponding update for Ubuntu 16.04 LTS, Ubuntu 20.04 LTS and Ubuntu 20.10.

Original advisory details:

It was discovered that Rack incorrectly handled certain paths. An attacker
could possibly use this issue to obtain sensitive information. This issue
only affected Ubuntu 16.04 LTS, Ubuntu 18.04 LTS and Ubuntu 20.04 LTS.
(CVE-2020-8161)

It was discovered that Rack incorrectly validated cookies. An attacker
could possibly use this issue to forge a secure cookie. (CVE-2020-8184)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 20.10:
ruby-rack 2.1.1-5ubuntu0.1

Ubuntu 20.04 LTS:
ruby-rack 2.0.7-2ubuntu0.1

Ubuntu 16.04 LTS:
ruby-rack 1.6.4-3ubuntu0.2

In general, a standard system update will make all the necessary changes.

References:
https://ubuntu.com/security/notices/USN-4561-2
https://ubuntu.com/security/notices/USN-4561-1
CVE-2020-8161, CVE-2020-8184

Package Information:
https://launchpad.net/ubuntu/+source/ruby-rack/2.1.1-5ubuntu0.1
https://launchpad.net/ubuntu/+source/ruby-rack/2.0.7-2ubuntu0.1
https://launchpad.net/ubuntu/+source/ruby-rack/1.6.4-3ubuntu0.2
