SUSE-SU-2015:1888-1

Опубликовано: 01 сент. 2015

Источник: suse-cvrf

Описание

Security update for rubygem-rack

rubygem-rack was updated to fix one security issue.

This security issue was fixed:

CVE-2015-3225: Crafted requests could have caused a SystemStackError leading to Denial of Service (bsc#934797).

Список пакетов

SUSE Lifecycle Management Server 1.3

rubygem-rack-1.1.6-0.11.2

SUSE Linux Enterprise Software Development Kit 11 SP3

rubygem-rack-1.1.6-0.11.2

Ссылки

https://www.suse.com/support/update/announcement/2015/suse-su-20151888-1/
Link for SUSE-SU-2015:1888-1
https://lists.suse.com/pipermail/sle-security-updates/2015-November/001658.html
E-Mail link for SUSE-SU-2015:1888-1
https://www.suse.com/support/security/rating/
SUSE Security Ratings
https://bugzilla.suse.com/934797
SUSE Bug 934797
https://www.suse.com/security/cve/CVE-2015-3225/
SUSE CVE CVE-2015-3225 page

Описание

lib/rack/utils.rb in Rack before 1.5.4 and 1.6.x before 1.6.2, as used with Ruby on Rails 3.x and 4.x and other products, allows remote attackers to cause a denial of service (SystemStackError) via a request with a large parameter depth.

Затронутые продукты

SUSE Lifecycle Management Server 1.3:rubygem-rack-1.1.6-0.11.2

SUSE Linux Enterprise Software Development Kit 11 SP3:rubygem-rack-1.1.6-0.11.2

Ссылки

https://www.suse.com/security/cve/CVE-2015-3225.html
CVE-2015-3225
https://bugzilla.suse.com/934797
SUSE Bug 934797

SUSE-SU-2015:1888-1

Описание

Список пакетов

SUSE Lifecycle Management Server 1.3

SUSE Linux Enterprise Software Development Kit 11 SP3

Ссылки

Уязвимость: CVE-2015-3225

Описание

Затронутые продукты

Ссылки