Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

suse-cvrf логотип

SUSE-SU-2022:3571-1

Опубликовано: 13 окт. 2022
Источник: suse-cvrf

Описание

Security update for rubygem-puma

This update for rubygem-puma fixes the following issues:

Updated to version 4.3.12:

  • CVE-2022-24790: Fixed HTTP request smuggling if proxy is not RFC7230 compliant (bsc#1197818).

Список пакетов

Image SLES15-SP1-SAP-Azure-LI-BYOS-Production
ruby2.5-rubygem-puma-4.3.12-150000.3.9.1
Image SLES15-SP1-SAP-Azure-VLI-BYOS-Production
ruby2.5-rubygem-puma-4.3.12-150000.3.9.1
Image SLES15-SP2-SAP-Azure
ruby2.5-rubygem-puma-4.3.12-150000.3.9.1
Image SLES15-SP2-SAP-Azure-LI-BYOS-Production
ruby2.5-rubygem-puma-4.3.12-150000.3.9.1
Image SLES15-SP2-SAP-Azure-VLI-BYOS-Production
ruby2.5-rubygem-puma-4.3.12-150000.3.9.1
Image SLES15-SP2-SAP-BYOS-Azure
ruby2.5-rubygem-puma-4.3.12-150000.3.9.1
Image SLES15-SP2-SAP-BYOS-EC2-HVM
ruby2.5-rubygem-puma-4.3.12-150000.3.9.1
Image SLES15-SP2-SAP-BYOS-GCE
ruby2.5-rubygem-puma-4.3.12-150000.3.9.1
Image SLES15-SP2-SAP-EC2-HVM
ruby2.5-rubygem-puma-4.3.12-150000.3.9.1
Image SLES15-SP2-SAP-GCE
ruby2.5-rubygem-puma-4.3.12-150000.3.9.1
Image SLES15-SP3-SAP-Azure-LI-BYOS-Production
ruby2.5-rubygem-puma-4.3.12-150000.3.9.1
Image SLES15-SP3-SAP-Azure-VLI-BYOS-Production
ruby2.5-rubygem-puma-4.3.12-150000.3.9.1
Image SLES15-SP3-SAP-BYOS-Azure
ruby2.5-rubygem-puma-4.3.12-150000.3.9.1
Image SLES15-SP3-SAP-BYOS-EC2-HVM
ruby2.5-rubygem-puma-4.3.12-150000.3.9.1
Image SLES15-SP3-SAP-BYOS-GCE
ruby2.5-rubygem-puma-4.3.12-150000.3.9.1
Image SLES15-SP4-SAP-Azure-LI-BYOS
ruby2.5-rubygem-puma-4.3.12-150000.3.9.1
Image SLES15-SP4-SAP-Azure-LI-BYOS-Production
ruby2.5-rubygem-puma-4.3.12-150000.3.9.1
Image SLES15-SP4-SAP-Azure-VLI-BYOS
ruby2.5-rubygem-puma-4.3.12-150000.3.9.1
Image SLES15-SP4-SAP-Azure-VLI-BYOS-Production
ruby2.5-rubygem-puma-4.3.12-150000.3.9.1
Image SLES15-SP4-SAP-BYOS
ruby2.5-rubygem-puma-4.3.12-150000.3.9.1
Image SLES15-SP4-SAP-BYOS-Azure
ruby2.5-rubygem-puma-4.3.12-150000.3.9.1
Image SLES15-SP4-SAP-BYOS-EC2
ruby2.5-rubygem-puma-4.3.12-150000.3.9.1
Image SLES15-SP4-SAP-BYOS-GCE
ruby2.5-rubygem-puma-4.3.12-150000.3.9.1
Image SLES15-SP4-SAP-Hardened
ruby2.5-rubygem-puma-4.3.12-150000.3.9.1
Image SLES15-SP4-SAP-Hardened-Azure
ruby2.5-rubygem-puma-4.3.12-150000.3.9.1
Image SLES15-SP4-SAP-Hardened-BYOS
ruby2.5-rubygem-puma-4.3.12-150000.3.9.1
Image SLES15-SP4-SAP-Hardened-BYOS-Azure
ruby2.5-rubygem-puma-4.3.12-150000.3.9.1
Image SLES15-SP4-SAP-Hardened-BYOS-EC2
ruby2.5-rubygem-puma-4.3.12-150000.3.9.1
Image SLES15-SP4-SAP-Hardened-BYOS-GCE
ruby2.5-rubygem-puma-4.3.12-150000.3.9.1
Image SLES15-SP4-SAP-Hardened-EC2
ruby2.5-rubygem-puma-4.3.12-150000.3.9.1
Image SLES15-SP4-SAP-Hardened-GCE
ruby2.5-rubygem-puma-4.3.12-150000.3.9.1
Image SLES15-SP5-SAP-Azure-3P
ruby2.5-rubygem-puma-4.3.12-150000.3.9.1
Image SLES15-SP5-SAP-Azure-LI-BYOS
ruby2.5-rubygem-puma-4.3.12-150000.3.9.1
Image SLES15-SP5-SAP-Azure-LI-BYOS-Production
ruby2.5-rubygem-puma-4.3.12-150000.3.9.1
Image SLES15-SP5-SAP-Azure-VLI-BYOS
ruby2.5-rubygem-puma-4.3.12-150000.3.9.1
Image SLES15-SP5-SAP-Azure-VLI-BYOS-Production
ruby2.5-rubygem-puma-4.3.12-150000.3.9.1
Image SLES15-SP5-SAP-BYOS-Azure
ruby2.5-rubygem-puma-4.3.12-150000.3.9.1
Image SLES15-SP5-SAP-BYOS-EC2
ruby2.5-rubygem-puma-4.3.12-150000.3.9.1
Image SLES15-SP5-SAP-BYOS-GCE
ruby2.5-rubygem-puma-4.3.12-150000.3.9.1
Image SLES15-SP5-SAP-Hardened-Azure
ruby2.5-rubygem-puma-4.3.12-150000.3.9.1
Image SLES15-SP5-SAP-Hardened-BYOS-Azure
ruby2.5-rubygem-puma-4.3.12-150000.3.9.1
Image SLES15-SP5-SAP-Hardened-BYOS-EC2
ruby2.5-rubygem-puma-4.3.12-150000.3.9.1
Image SLES15-SP5-SAP-Hardened-BYOS-GCE
ruby2.5-rubygem-puma-4.3.12-150000.3.9.1
Image SLES15-SP5-SAP-Hardened-EC2
ruby2.5-rubygem-puma-4.3.12-150000.3.9.1
Image SLES15-SP5-SAP-Hardened-GCE
ruby2.5-rubygem-puma-4.3.12-150000.3.9.1
SUSE Linux Enterprise High Availability Extension 15
ruby2.5-rubygem-puma-4.3.12-150000.3.9.1
SUSE Linux Enterprise High Availability Extension 15 SP1
ruby2.5-rubygem-puma-4.3.12-150000.3.9.1
SUSE Linux Enterprise High Availability Extension 15 SP2
ruby2.5-rubygem-puma-4.3.12-150000.3.9.1
SUSE Linux Enterprise High Availability Extension 15 SP3
ruby2.5-rubygem-puma-4.3.12-150000.3.9.1
SUSE Linux Enterprise High Availability Extension 15 SP4
ruby2.5-rubygem-puma-4.3.12-150000.3.9.1
openSUSE Leap 15.3
ruby2.5-rubygem-puma-4.3.12-150000.3.9.1
ruby2.5-rubygem-puma-doc-4.3.12-150000.3.9.1
openSUSE Leap 15.4
ruby2.5-rubygem-puma-4.3.12-150000.3.9.1
ruby2.5-rubygem-puma-doc-4.3.12-150000.3.9.1

Ссылки

Описание

Puma is a simple, fast, multi-threaded, parallel HTTP 1.1 server for Ruby/Rack applications. When using Puma behind a proxy that does not properly validate that the incoming HTTP request matches the RFC7230 standard, Puma and the frontend proxy may disagree on where a request starts and ends. This would allow requests to be smuggled via the front-end proxy to Puma. The vulnerability has been fixed in 5.6.4 and 4.3.12. Users are advised to upgrade as soon as possible. Workaround: when deploying a proxy in front of Puma, turning on any and all functionality to make sure that the request matches the RFC7230 standard.

Затронутые продукты
Image SLES15-SP1-SAP-Azure-LI-BYOS-Production:ruby2.5-rubygem-puma-4.3.12-150000.3.9.1
Image SLES15-SP1-SAP-Azure-VLI-BYOS-Production:ruby2.5-rubygem-puma-4.3.12-150000.3.9.1
Image SLES15-SP2-SAP-Azure-LI-BYOS-Production:ruby2.5-rubygem-puma-4.3.12-150000.3.9.1
Image SLES15-SP2-SAP-Azure-VLI-BYOS-Production:ruby2.5-rubygem-puma-4.3.12-150000.3.9.1
Ссылки