Description
Security update for rubygem-rack-1_4
rubygem-rack-1_4 was updated to fix one security issue.
This security issue was fixed:
- CVE-2015-3225: Crafted requests could have caused a SystemStackError leading to Denial of Service. (bsc#934797)
Package list
SUSE Lifecycle Management Server 1.3
rubygem-rack-1_4-1.4.5-0.7.3
SUSE Linux Enterprise Software Development Kit 11 SP3
rubygem-rack-1_4-1.4.5-0.7.3
SUSE Linux Enterprise Software Development Kit 11 SP4
rubygem-rack-1_4-1.4.5-0.7.3
SUSE Studio Onsite 1.3
rubygem-rack-1_4-1.4.5-0.7.3
SUSE WebYast 1.3
rubygem-rack-1_4-1.4.5-0.7.3
References
- Link for SUSE-SU-2015:1522-1
- E-Mail link for SUSE-SU-2015:1522-1
- SUSE Security Ratings
- SUSE Bug 934797
- SUSE CVE CVE-2015-3225 page
Description
lib/rack/utils.rb in Rack before 1.5.4 and 1.6.x before 1.6.2, as used with Ruby on Rails 3.x and 4.x and other products, allows remote attackers to cause a denial of service (SystemStackError) via a request with a large parameter depth.
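As a defence-in-depth measure alongside the updated package, a request can be refused before the recursive parameter parser sees a deeply nested name. The sketch below is an added example, not Rack's or SUSE's code: the class name `ParamDepthGuard` and the limit of 32 are assumptions, and it inspects only the query string, not request bodies.

```ruby
require "uri"
# Added example, not Rack's code: refuse deeply nested parameter names
# before a recursive parameter parser is handed the request.
class ParamDepthGuard
  DEFAULT_LIMIT = 32 # assumed value; set it to the deepest form the app uses

  def initialize(app, limit: DEFAULT_LIMIT)
    @app = app
    @limit = limit
  end

  # Nesting depth of one name, counted without recursion:
  # "a" => 1, "a[b]" => 2, "a[b][]" => 3. Every "[" counts, so an
  # unbalanced name is over-estimated rather than under-estimated.
  def self.depth(name)
    1 + name.count("[")
  end

  # Names in query_string that exceed limit or cannot be decoded.
  def self.too_deep(query_string, limit)
    offenders = []
    query_string.split(/[&;]/).each do |pair|
      raw = pair.split("=", 2).first.to_s
      begin
        name = URI.decode_www_form_component(raw) # "%5B" must count as "["
        offenders << name if depth(name) > limit
      rescue ArgumentError
        offenders << raw # malformed percent-encoding: reject, do not guess
      end
    end
    offenders
  end

  # Rack-style entry point: env in, [status, headers, body] out.
  def call(env)
    offenders = self.class.too_deep(env["QUERY_STRING"].to_s, @limit)
    return @app.call(env) if offenders.empty?
    [400, { "Content-Type" => "text/plain" }, ["parameter nesting too deep\n"]]
  end
end

if __FILE__ == $PROGRAM_NAME
  app = ->(_env) { [200, { "Content-Type" => "text/plain" }, ["ok\n"]] }
  guard = ParamDepthGuard.new(app)
  # Constructed sample inputs: an ordinary form field and a 40-level name.
  ["user[name]=x", "a" + "[k]" * 40 + "=1"].each do |qs|
    puts "#{qs[0, 24]} -> #{guard.call({ "QUERY_STRING" => qs })[0]}"
  end
end
```

The guard has to run ahead of anything that parses parameters, so it belongs at the front of the middleware stack.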
Affected products
SUSE Lifecycle Management Server 1.3:rubygem-rack-1_4-1.4.5-0.7.3
SUSE Linux Enterprise Software Development Kit 11 SP3:rubygem-rack-1_4-1.4.5-0.7.3
SUSE Linux Enterprise Software Development Kit 11 SP4:rubygem-rack-1_4-1.4.5-0.7.3
SUSE Studio Onsite 1.3:rubygem-rack-1_4-1.4.5-0.7.3
References
- CVE-2015-3225
- SUSE Bug 934797