SUSE-SU-2015:2190-1

Published: 03 Dec 2015
Source: suse-cvrf

Description

Security update for rubygem-rack-1_4

rubygem-rack-1_4 was updated to fix one security issue.

This security issue was fixed:

  • CVE-2015-3225: Crafted requests could have caused a SystemStackError leading to Denial of Service (bsc#934797).

Package list

SUSE Enterprise Storage 1.0
ruby2.1-rubygem-rack-1_4-1.4.5-8.10
SUSE Enterprise Storage 2
ruby2.1-rubygem-rack-1_4-1.4.5-8.10
SUSE Linux Enterprise Module for Containers 12
ruby2.1-rubygem-rack-1_4-1.4.5-8.10

Description

lib/rack/utils.rb in Rack before 1.5.4 and 1.6.x before 1.6.2, as used with Ruby on Rails 3.x and 4.x and other products, allows remote attackers to cause a denial of service (SystemStackError) via a request with a large parameter depth.


Affected products
SUSE Enterprise Storage 1.0:ruby2.1-rubygem-rack-1_4-1.4.5-8.10
SUSE Enterprise Storage 2:ruby2.1-rubygem-rack-1_4-1.4.5-8.10
SUSE Linux Enterprise Module for Containers 12:ruby2.1-rubygem-rack-1_4-1.4.5-8.10

References
Vulnerability SUSE-SU-2015:2190-1